12 matches found
EUVD-2025-206401
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php...
CVE-2023-53894
CVE-2023-53894 (phpfm 1.7.9) is an authentication-bypass vulnerability caused by loose type comparison in the password hash validation (checkPassword). An attacker can craft password hashes starting with 0e or 00e to bypass login and upload malicious PHP files. The issue is documented across mult...
EUVD-2012-2547
Malware in sbrugna...
CVE-2013-10047
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server = Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32,...
CVE-2025-54440
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...
CVE-2024-9422 GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
Purchase Order Management 1.0 Shell Upload
Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...
SAP Business Objects Code Issue Vulnerability
SAP Business Objects is a business intelligence suite from SAP, Germany. A security vulnerability exists in SAP Business Objects Platform versions 420 and 430, which stems from a vulnerability that allows an attacker with normal BI user privileges to upload/replace any file on the Business Object...
CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...
CVE-2021-40966
A Stored XSS exists in TinyFileManager All versions up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...
GHSA-9H4G-27M8-QJRG Path Traversal in socket.io-file
All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...
Yahoo Status Checker File upload Vulnerability
Exploit for php platform in category web applications...