5 matches found
PT-2024-40269 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3, affected versions not specified. Description: The issue allows backend users to upload certain file types, including .phar, .shtml, .pl, or .cgi files, due to missing file extensions in the $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern']...
Arbitrary File Upload
Cockpit CMS is vulnerable to Arbitrary File Upload. The vulnerability is caused by missing validation/sanitization of the request data contained in the POST request body sent to the /assets/upload endpoint while uploading .shtml files. This can lead to arbitrary code execution...
CVE-2020-25733
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types...
Apache protection bypass
Invalid IncludesNOEXEC option processing allows code execution via included .shtml files...
IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll
Georgi Guninski security advisory 19, 2000. IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll. This advisory describes two vulnerabilities; one is already fixed by Microsoft, but I decided to put them together. Systems affected: IIS 5.0/Windows 2000. Exploited with...