136 matches found
Directory Traversal
Overview phpbb/phpbb is a Forum Software application. Affected versions of this package are vulnerable to Directory Traversal via the plupload process and the phar:// stream wrapper. An attacker can execute arbitrary code by uploading a crafted archive containing serialized PHP objects that are...
EUVD-2019-20103
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...
CVE-2019-25685
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2019-25685
...
CVE-2019-25685
CVE-2019-25685 is rejected/not used; this CVE ID is not an active vulnerability entry.
CVE-2019-25685
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...
PT-2026-30493
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...
CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2012-10064 Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2012-10064
Omni Secure Files WordPress plugin versions before 0.1.14 contain an unauthenticated arbitrary file upload vulnerability in the bundled plupload example endpoint (upload.php). The handler does not enforce safe file type restrictions, allowing attacker-controlled files to be uploaded to the plugin...
CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2012-10064 Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
PT-2026-3315
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
WordPress plugin Omni Secure Files has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-15109
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-15109 jackq XCMS upload.php unrestricted upload
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-15109 jackq XCMS upload.php unrestricted upload
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-15109
CVE-2025-15109 concerns jackq XCMS up to build 3fab5342cc509945a7ce1b8ec39d19f701b89261, where the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php contains a flaw that allows unrestricted file upload. The vulnerability can be triggered remotely and is supported by multiple source...
XCMS 代码问题漏洞
XCMS is a CMS website builder system by JackQ individual developers. A code issue vulnerability exists in XCMS, which stems from an incorrect operation of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php, which could lead to unlimited uploads...