CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

EUVD-2002-1329

Malware in sbrugna...

EUVD-2008-2394

Malware in sbrugna...

EUVD-2013-3478

Malware in sbrugna...

EUVD-2008-4324

Malware in sbrugna...

EUVD-2007-4737

Malware in sbrugna...

EUVD-2002-1328

Malware in sbrugna...

EUVD-2020-26770

Malware in sbrugna...

EUVD-2006-0582

Malware in sbrugna...

EUVD-2014-4829

Malware in sbrugna...

EUVD-2003-1288

Malware in sbrugna...

EUVD-2005-0361

Malware in sbrugna...

EUVD-2021-8069

Malicious code in bioql PyPI...

EUVD-2023-58595

Malicious code in bioql PyPI...

CVE-2003-1280

Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. dot dot in multipart/form-data uploads...

PT-2023-2874 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw...

CVE-2020-10513

The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file...

The vulnerability of the Vesta Control Panel server’s control panel lies in the lack of checking for the presence of a user session. This allows attackers to perform various manipulations on files and directories located on the server.

The vulnerability of the Vesta Control Panel’s control panel lies in the lack of checking for the presence of a user session in the files.php file web/file-manager/, which is responsible for the operation of the control panel’s file manager. Exploiting this vulnerability allows an attacker to...

Remote File Manipulation Via Deserialization

Apache Wicket is vulnerable to remote file manipulation via Java deserialization. It allows an attacker to add, move, and delete files that Apache DiskFileItem has access to. Additionally, if an older Java VM is running, the attacker can control the filename because the NULL byte check doesn't...

CVE-2015-0932

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...