13 matches found

Positive Technologies
added 5 days ago · 7 views

PT-2026-52989

Name of the Vulnerable Software and Affected Versions: DMP-5000 (affected versions not specified). Description: The file service allows authenticated users to upload files of any type without validation. The system does not enforce file extension filtering or content inspection, which enables the uplo...

8.4 CVSS · 5.8 AI score · 0.00341 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-17448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat...

7.8 CVSS · 7.4 AI score · 0.02281 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/10/25 12:00 a.m. · 7 views

Parse Server Path Traversal Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server that stems from the application crashing when uploading files with no extension...

7.5 CVSS · 6.7 AI score · 0.01053 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/10/24 12:00 a.m. · 4 views

PT-2023-29852 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.6; Parse Server versions prior to 6.3.1. Description: Parse Server crashes when uploading a file without extension. This issue has been patched in versions 5.5.6 and 6.3.1. Recommendations: For versions prior ...

7.5 CVSS · 7.3 AI score · 0.01053 EPSS
Exploits: 0 · References: 12

CNNVD
added 2021/04/06 12:00 a.m. · 5 views

Liquidfiles Cross-Site Scripting Vulnerability

LiquidFiles is a storage service for large, secure file transfers and sharing for companies and organizations, from US-based Liquidfiles, Inc. LiquidFiles 3.4.15 suffers from a cross-site scripting vulnerability that originates from a payload execution on click if a file has no extensi...

5.4 CVSS · 5.5 AI score · 0.0136 EPSS
Exploits: 3 · References: 8

OSV
added 2021/01/07 2:15 p.m. · 3 views

UBUNTU-CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

8.8 CVSS · 7.3 AI score · 0.01289 EPSS
Exploits: 0 · References: 4

CNNVD
added 2020/12/15 12:00 a.m. · 5 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox in that if a user downloads a file without an extension on Windows, and then "opens" it in the download panel, the executable will be launched if the...

8.8 CVSS · 7.3 AI score · 0.01467 EPSS
Exploits: 0 · References: 13

OSV
added 2020/08/11 5:15 p.m. · 1 view

UBUNTU-CVE-2020-17448

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...

7.8 CVSS · 5.8 AI score · 0.02281 EPSS
Exploits: 0 · References: 2

OSV
added 2018/06/07 2:29 a.m. · 5 views

CVE-2017-16130

exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as...

7.5 CVSS · 5.8 AI score · 0.02005 EPSS
Exploits: 1 · References: 2

CNVD
added 2016/05/16 12:00 a.m. · 2 views

OurPHP backend has an arbitrary file upload vulnerability

OurPHP (傲派建站系统) is a website content management system developed in PHP by Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the OurPHP administration backend has the function of uploading hidden files. Since the...

7 AI score
Exploits: 0

Japan Vulnerability Notes
added 2015/12/17 6:19 a.m. · 3 views

WinRAR may insecurely load executable files

Overview: WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file. WinRAR also...

7.8 CVSS · 6.3 AI score · 0.00914 EPSS
Exploits: 0 · References: 5

seebug.org
added 2014/07/01 12:00 a.m. · 14 views

doop cms <= 1.4.0b (csrf/upload shell) Multiple Vulnerabilities

No description provided by source. Project: Doop = 1.4.0b CSRF && Upload Shell | Author: x0r | Email: [email protected] | -- CSRF Change Admin Pass --...

7.1 AI score
Exploits: 0

0day.today
added 2008/11/25 12:00 a.m. · 15 views

LoveCMS 1.6.2 Final (Download Manager 1.0) File Upload Exploit

Exploit for unknown platform in category web applications. LoveCMS 1.6.2 Final Download Manager 1.0 File Upload Exploit. \n", $argv0; printf" Ex.: php %s localhost/lovecms...

7.1 AI score
Exploits: 0