EUVD-2026-33671

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

PT-2026-45475

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

CVE-2018-19945

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

CVE-2018-19945

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

Design/Logic Flaw

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

CVE-2020-13240

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...

Voyager 1.1 Shell Upload

Exploit Title: Voyager 1.1 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...

Wordpress Media File Manager 1.4.2 Plugin - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link:...

CVE-2017-17738

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...

Directory traversal

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. dot dot in the file parameter to admin/bitrix.xscanworker.php...

CVE-2015-7309

CVE-2015-7309 impacts Bolt CMS: the theme editor (pre-2.2.5) does not validate file extensions when renaming files, enabling remote authenticated users to execute arbitrary PHP code by renaming a crafted file and then directly accessing it. The vulnerability stems from the lack of extension check...

WordPress media-file-manager-advanced Plugin Multiple Vulnerabilites

No description provided by source. Post Delete http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatordelete post: id=17 MKDIR http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatormkdir newdir=EVEXFOLDER folder exists: http://domain.tld/wp-contents/uploads/EVEXFOLDER RMDIR Dir Mus...

Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilites

Media File Manager Advanced suffers from executing administrator actions by any authenticated user due to weak permissions checking. An attacker is able to delete/update posts, Creating/Removing/Listing Directories, Moving/Renaming/Deleting Files, Blind SQL Injection and Cross-Site Scripting. Pos...