13 matches found
PT-2026-52989
Name of the Vulnerable Software and Affected Versions: DMP-5000 (affected versions not specified). Description: The file service allows authenticated users to upload files of any type without validation. The system does not enforce file extension filtering or content inspection, which enables the uplo...
Linux Distros Unpatched Vulnerability : CVE-2020-17448
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat...
Parse Server Path Traversal Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server that stems from the application crashing when uploading files with no extension...
PT-2023-29852 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.6; Parse Server versions prior to 6.3.1. Description: Parse Server crashes when uploading a file without extension. This issue has been patched in versions 5.5.6 and 6.3.1. Recommendations: For versions prior ...
Liquidfiles Cross-Site Scripting Vulnerability
Liquidfiles is a storage service for large, secure file transfers and sharing for companies and organizations from US-based Liquidfiles, Inc. LiquidFiles 3.4.15 suffers from a cross-site scripting vulnerability that originates from a payload execution on click if a file has no extensi...
UBUNTU-CVE-2020-35112
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox in that if a user downloads a file without an extension on Windows, and then "opens" it in the download panel, the executable will be launched if the...
UBUNTU-CVE-2020-17448
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension...
CVE-2017-16130
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Accessible files are restricted to those with a file extension. Files with no extension such as...
OurPHP backend has an arbitrary file upload vulnerability
OurPHP (傲派建站系统) is a website content management system developed in PHP; the developer is Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the administration background of OurPHP has the function of uploading hidden files. Since the...
WinRAR may insecurely load executable files
Overview: WinRAR contains a function where user-specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user-specified file. WinRAR also...
doop cms <= 1.4.0b (csrf/upload shell) Multiple Vulnerabilities
No description provided by source. Project: Doop = 1.4.0b CSRF && Upload Shell. Author: x0r. Email: [email protected]. -- CSRF Change Admin Pass --...
LoveCMS 1.6.2 Final (Download Manager 1.0) File Upload Exploit
Exploit for unknown platform in category web applications. LoveCMS 1.6.2 Final Download Manager 1.0 File Upload Exploit \n", $argv0; printf" Ex.: php %s localhost/lovecms...