13 matches found
CVE-2026-11414
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...
Arbitrary File Upload
net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...
EUVD-2022-2596
Malicious code in bioql PyPI...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
GHSA-V22V-XWH7-2VRM UnoPim vulnerable to remote code execution through Arbitrary File upload
Summary: Affected Functionality: Image upload at User creation. Endpoint: /admin/settings/users/create. Details: The image upload at the user creation feature performs only client-side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...
PT-2024-34919 · Unknown · Dang Ngoc Binh Audio Record
Name of the Vulnerable Software and Affected Versions: Dang Ngoc Binh Audio Record versions n/a through 1.0. Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables remote hackers to uploa...
CVE-2024-48646
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...
Git Authorization Problem Vulnerability
Git is a free, open source distributed version control system. Git version 1.7.3 suffers from an authorization issue vulnerability that stems from the ability to use passwords for unexpected resources. In order to exploit, a user must perform a git pull operation, decrypt the password, and use th...
UCMS suffers from a file upload vulnerability (CNVD-2020-69467)
UCMS is a content management system written in PHP. UCMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Command Execution Vulnerability in BayCloud CMS
Beyun cms content management system is an open source content management system based on tp5.1. Beyuncms has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
freerdp: Out-of-bounds write in interleaved.c
A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data...
Command Execution Vulnerability in AdminSet
AdminSet is a true fully automated Ops platform developed with Ops thinking in mind. AdminSet suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
kernel: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel
A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted...