9 matches found
CVE-2026-41934
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
CVE-2026-41934
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
CVE-2026-39366 WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...
Exploit for Unrestricted Upload of File with Dangerous Type in Verot_Project Verot
CVE-2019-19634 - class.upload.php = 2.0.4 Arbitrary file uplo...
ownCloud: doc.owncloud.org has missing PHP handler
When visiting the following URL https://doc.owncloud.org/server/8.2/go.php?to=admin-backup the web server does interpret the php code but delivers the php code itself. This might expose internal information to anyone visiting the website...
CVE-2015-3330
The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...
UBUNTU-CVE-2015-3330
The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...
CVE-2015-3330
The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...
[SA12993] Mega Upload Unspecified "File List" Vulnerability
TITLE: Mega Upload Unspecified "File List" Vulnerability SECUNIA ADVISORY ID: SA12993 VERIFY ADVISORY: http://secunia.com/advisories/12993/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: Mega Upload 1.x http://secunia.com/product/4156/ DESCRIPTION: A vulnerability with...