57 matches found
CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a code vulnerability that stemmed from the lack of a file-extension allowlist check in the ImageGallery::saveFile method, which could lead to remot...
CVE-2018-25144
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...
EUVD-2011-1159
Malware in sbrugna...
PT-2025-7572 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .jsp file to the "/file/savefile.do" API endpoint. This is made possible by an arbitrary file upload vulnerability in the component...
MRCMS Security Vulnerability
MRCMS is a content management system by the individual developers of marker. A security vulnerability exists in MRCMS version v3.1.2, which stems from the /file/savefile.do module containing an arbitrary file upload vulnerability...
CVE-2023-52333
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that...
CVE-2023-52333 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that...
Allegra Path Traversal Vulnerability
Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra that stems from the saveFile feature containing a directory traversal remote code execution vulnerability...
CVE-2024-2397
A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single...
CVE-2024-2397
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...
CVE-2024-2397
The CVE-2024-2397 issue is a bug in tcpdump affecting the git master branch (2023-06-05 to 2024-03-21) where packet data buffers management can cause an infinite loop when parsing crafted DLT_PPP_SERIAL .pcap files in the PPP printer. The vulnerability is not reported as present in released tcpdu...
CVE-2024-2397 infinite loop in the PPP printer of tcpdump
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...
PT-2024-14529 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...
CVE-2023-40980
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...
DWSurvey Code Issue Vulnerability
DWSurvey is a questionnaire system written in Java. A security vulnerability exists in DWSurvey v.3.2.0 and earlier versions, which stems from a file upload vulnerability that allows remote attackers to execute arbitrary code via the saveimage and savveFile methods in the action/UploadAction.java...
XML External Entity (XXE)
urule is vulnerable to XML External Entities XXE. A remote attacker is able to execute arbitrary code by uploading a crafted XML file to /urule/common/saveFile...
PT-2023-19465 · Urule · Urule
Name of the Vulnerable Software and Affected Versions: urule version 2.1.7 Description: An XML External Entity XXE issue allows attackers to execute arbitrary code by uploading a crafted XML file to the "/urule/common/saveFile" API endpoint. This is achieved by exploiting the saveFile...