Lucene search
K

19 matches found

GithubExploit
GithubExploit
added 2026/06/15 10:0 a.m.78 views

Exploit for CVE-2026-37071

CVE-2026-37071 Arbitrary File Rename Leading to Privilege Esca...

5.4AI score
Exploits0
Snyk
Snyk
added 2026/05/29 10:5 p.m.9 views

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/29 10:5 p.m.23 views

Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders

Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...

5.8AI score0.00029EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45040

Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...

6.5CVSS5.8AI score0.00029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41769

Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...

6.5CVSS6AI score0.00037EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 4:15 a.m.22 views

CVE-2026-8272

CVE-2026-8272 affects D-Link DNS-320 firmware 2.06B01 and targets the webfile_mgr.cgi component. The vulnerability arises from manipulation of file operations (delete/rename/copy/move/chmod/chown), enabling OS command injection via remote input. Publicly released exploit details exist, and exploi...

7.2CVSS5.6AI score0.05587EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.5 views

PT-2026-33774

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

5.4CVSS6.2AI score0.00281EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001203 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified...

7.8CVSS6.2AI score0.00861EPSS
Exploits1References20
EUVD
EUVD
added 2025/12/07 6:30 a.m.5 views

EUVD-2025-201594

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.4AI score0.02011EPSS
Exploits0References8
NVD
NVD
added 2025/12/07 5:15 a.m.6 views

CVE-2025-14184

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.02011EPSS
Exploits0References7
CVE
CVE
added 2025/12/07 4:32 a.m.18 views

CVE-2025-14184

CVE-2025-14184 affects SGAI Space1 NAS N1211DS (firmware up to 1.0.915). The gsaiagent component exposes a vulnerability in the /cgi-bin/JSONAPI handling of RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD that enables command injection. The issue can be triggered remotely; public disclosure of the exploit ...

6.5CVSS6.5AI score0.02011EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.5 views

PT-2023-32849 · Unknown · Codelyfe Stupid Simple Cms

Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path...

5.5CVSS5.7AI score0.00906EPSS
Exploits1References5
0day.today
0day.today
added 2022/08/01 12:0 a.m.400 views

CuteEditor for PHP 6.6 - Directory Traversal Vulnerability

Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A There is a path traversal vulnerability in the...

0.4AI score
Exploits0
Prion
Prion
added 2020/03/12 2:15 p.m.17 views

Path traversal

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...

4CVSS4AI score0.01084EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/07/18 5:15 p.m.6 views

CVE-2019-11230

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename...

4.4CVSS5.9AI score0.00543EPSS
Exploits1References2
OSV
OSV
added 2019/04/09 6:29 p.m.5 views

CVE-2019-7174

Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...

9.8CVSS7.4AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

gausCMS - Multiple Vulnerabilities

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-21-gauscms-multiple-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : gausCMS Multiple...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 11:11 a.m.24 views

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

1.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/09/22 12:0 a.m.33 views

gausCMS - Multiple Vulnerabilities

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-21-gauscms-multiple-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : gausCMS Multiple Vulnerabilities Affected Version : Gaus CMS...

7.4AI score
Exploits0
Rows per page
Query Builder