CVE-2025-59710

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...

EUVD-2025-199678

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

CVE-2025-66254 Unauthenticated Arbitrary File Deletion (upgrade_contents.php)

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

CVE-2025-41736 Possible arbitrary code execution

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution...

EUVD-2024-45868

Malicious code in bioql PyPI...

EUVD-2025-28055

Malicious code in bioql PyPI...

EUVD-2024-54924

Malicious code in bioql PyPI...

EUVD-2025-6900

Malicious code in bioql PyPI...

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

WordPress plugin AR For WordPress 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

PT-2024-21813 · Zohocorp · Manageengine Ddi Central

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine DDI Central versions 4001 and prior Description: The issue allows a user to upload new files to the server folder due to a directory traversal vulnerability. Recommendations: For versions 4001 and prior, consider...

Deserialization of Untrusted Data in timber/timber

Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the fileexists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

MSMS-PHP 1.0 Shell Upload

Title: MSMS-PHP by: oretnom23 v1.0 File Upload - RCE browser using Author: nu11secur1ty Date: 03/13/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html Reference:...

CVE-2023-6562

JPX Fragment List flst box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker...

CVE-2023-3798

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /AppResource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit...

CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

Roxy Fileman 1.4.5 - Arbitrary File Upload Vulnerability

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Exploit Author: Zer0FauLT email protected Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Windows 10 and Windows Server...

Online Pizza Ordering 1.0 Shell Upload

Title: Online-Pizza-Ordering-1.0 File-Inclusion-RCE Author: nu11secur1ty Date: 03.30.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/file-upload...

Apache Tomcat Remote Code Execution Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...