25 matches found

Positive Technologies
added 2026/06/17 12:0 a.m. · 11 views

PT-2026-50475

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1 Description: When NC_SECURE_ATTACHMENTS is set to true, an authenticated uploader can upload .html or .svg attachments that the browser renders inline from the NocoDB origin instead of forcing a download. This...

5.1 CVSS · 5.7 AI score · 0.00288 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/09 10:10 a.m. · 8 views

CVE-2019-11568

An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...

8.8 CVSS · 7.2 AI score · 0.0139 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-4452

Malware in sbrugna...

6.1 CVSS · 6.6 AI score · 0.02288 EPSS
Exploits 0 · References 17

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2010-0193

Malware in sbrugna...

4.3 CVSS · 9.1 AI score · 0.02965 EPSS
Exploits 0 · References 22

Positive Technologies
added 2024/05/07 12:0 a.m. · 6 views

PT-2024-25476 · Mp-Spdz · Mp-Spdz

Name of the Vulnerable Software and Affected Versions: MP-SPDZ version 0.3.8 Description: A stack overflow was discovered in the function octetStream::get_bytes in /Tools/octetStream.cpp, allowing attackers to cause a Denial of Service (DoS) via a crafted message. Recommendations: For MP-SPDZ versi...

7.5 CVSS · 7.1 AI score · 0.00681 EPSS
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 6:0 a.m. · 5 views

SUSE CVE-2010-0162

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...

4.3 CVSS · 6.1 AI score · 0.02965 EPSS
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 3:59 a.m. · 3 views

SUSE CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.4 CVSS · 6.6 AI score · 0.02288 EPSS
Exploits 0 · References 7

Rosalinux
added 2021/07/02 5:27 p.m. · 29 views

Advisory ROSA-SA-2021-1913

Software: mailman 2.1.15 OS: Cobalt 7.9 CVE-ID: CVE-2016-6893 CVE-Crit: HIGH CVE-DESC: A cross-site request forgery (CSRF) vulnerability in the user parameter page in GNU Mailman 2.1.x through 2.1.23 allows remote attackers to intercept arbitrary user authentication for requests that modify a...

8.8 CVSS · 6.6 AI score · 0.04599 EPSS
Exploits 4

Prion
added 2020/12/25 7:15 p.m. · 17 views

Directory traversal

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...

4 CVSS · 5.3 AI score · 0.01054 EPSS
Exploits 1 · References 1 · Affected Software 1

Hacker One
added 2020/09/22 5:10 p.m. · 26 views

LY Corporation: Webview in LINE client for iOS will render application/octet-stream files as HTML

Due to misconfiguration in the webview of LINE client for iOS, the data with header "Content-type" as "application/octet-stream" was treated as HTML. This could lead to a malicious JavaScript execution, resulting in a Cross-site scripting attack...

4.3 CVSS · 5.9 AI score · 0.00724 EPSS
Exploits 0

OSV
added 2020/04/24 1:15 p.m. · 2 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1 CVSS · 6.7 AI score · 0.02288 EPSS
Exploits 0 · References 11

OSV
added 2020/04/24 1:15 p.m. · 2 views

UBUNTU-CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1 CVSS · 6.7 AI score · 0.02288 EPSS
Exploits 0 · References 9

OSV
added 2020/03/20 4:15 a.m. · 5 views

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1files to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file)...

7.8 CVSS · 7.6 AI score · 0.01915 EPSS
Exploits 1 · References 1

Packet Storm
added 2020/02/21 12:0 a.m. · 140 views

Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure

!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

7.4 AI score
Exploits 0

OSV
added 2019/04/27 2:29 p.m. · 1 views

CVE-2019-11568

An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...

8.8 CVSS · 7.4 AI score · 0.0139 EPSS
Exploits 1 · References 1

Prion
added 2019/04/27 2:29 p.m. · 12 views

Unrestricted file upload

An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...

6.8 CVSS · 8.7 AI score · 0.0139 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/04/27 1:58 p.m. · 15 views

CVE-2019-11568

An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...

8.8 AI score · 0.0139 EPSS
Exploits 1 · References 1

NVD
added 2018/10/31 4:29 p.m. · 17 views

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

9.8 CVSS · 9.8 AI score · 0.02062 EPSS
Exploits 1 · References 1

OSV
added 2018/10/31 4:29 p.m. · 4 views

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1

Hacker One
added 2017/09/24 4:36 a.m. · 11 views

Nextcloud: NextCloud is also Accepting OCTET-STREAM Type of Documents instead of jpg or Imge Files Only

Summary: I noticed that NextCloud is accepting OCTET-STREAM Type of Files Where you have Background/Logo Upload Option. I Believe that NextCloud is Checking for Such Type of Files but I can upload application/octet-stream Type of Documents by Crafting a Special Type of File. In this case I created...

0.6 AI score
Exploits 0