39 matches found
EUVD-2020-18386
Malware in sbrugna...
EUVD-2000-1063
Malware in sbrugna...
Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub_409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...
Exploit for CVE-2000-0114
This is a collection of vulnerability templates for the Nuclei vulnerability scanner. The templates are organized by CVE ID and include information such as the vulnerability name, description, severity, and remediation steps. The templates also include HTTP requests and matchers to identify the...
PT-2024-40269 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3, affected versions not specified. Description: The issue allows backend users to upload certain file types, including .phar, .shtml, .pl, or .cgi files, due to missing file extensions in the $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']...
Arbitrary File Upload
Cockpit CMS is vulnerable to Arbitrary File Upload. The vulnerability is caused by missing validation/sanitization of the request data contained in the POST request body sent to the /assets/upload endpoint while uploading .shtml files. This can lead to arbitrary code execution...
Cockpit CMS arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
PT-2022-21984 · Wavlink · Wavlink Wn530H4
Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116. Description: An access control issue allows attackers to obtain usernames and passwords via the API endpoint "http://IP_ADDRESS/set_safety.shtml?r=52300" by searching for the variable syspasswd...
showdoc .shtml file upload vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application's file upload feature. An attacker could use this vulnerability to...
showdoc cross-site scripting vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application's file upload feature. An attacker could use this vulnerability to...
CVE-2021-3159
A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...
CVE-2020-25733
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ckuploadhandler.php...