17 matches found
EUVD-2020-18386
Malware in sbrugna...
Cockpit CMS arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...
CVE-2018-18924
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message...
CVE-2018-9156
An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude modul...
CVE-2013-3506
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes SSI functionality...
Command injection
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes SSI functionality...
httpd: AllowOverride Options=IncludesNoExec allows Options Includes
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
Mandriva Linux Security Advisory : apache (MDVSA-2009:124-1)
Multiple vulnerabilities has been found and corrected in apache : Memory leak in the zlibstatefulinit function in crypto/comp/czlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service memory consumption via multiple calls, as demonstrated by initial S...
Design/Logic Flaw
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
httpd: AllowOverride Options=IncludesNoExec allows Options Includes
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
Дырка в iPlanet (SHTML parsing)
Переполнение буфера при запросе к .shtml- файлу определенной длинны...