Lucene search
K

5 matches found

OSV
OSV
added 2026/03/25 5:45 p.m.4 views

GHSA-WXJW-PHJ6-G75W AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

8.8CVSS6.1AI score0.00639EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in ffmpeg

A flaw was discovered in FFmpeg’s HLS demuxer. This vulnerability allows bypassing checks for unsafe file extensions and triggering arbitrary demuxers using base64-encoded data URIs, along with specific file extensions...

4.7CVSS6.5AI score0.0039EPSS
Exploits1References3
OSV
OSV
added 2025/01/06 5:15 p.m.2 views

DEBIAN-CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

4.7CVSS5.7AI score0.0039EPSS
Exploits1References1
OSV
OSV
added 2017/10/12 8:29 a.m.2 views

CVE-2017-15285

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is ...

8.8CVSS5.8AI score0.02072EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2017/09/14 4:0 p.m.32 views

CVE-2017-14482

Removed by vendor...

8.8CVSS8.8AI score0.04042EPSS
Exploits1
Rows per page
Query Builder