
13 matches found

NVD
added 2026/03/11 7:16 p.m., 4 views

CVE-2019-25471

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...

CVSS 9.8, EPSS 0.00903
Exploits: 1, References: 3

Positive Technologies
added 2026/03/11 12:00 a.m., 5 views

PT-2026-24769

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...

CVSS 9.8, AI score 6, EPSS 0.00903
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-0504

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00944
Exploits: 0, References: 8

Cvelist
added 2025/09/26 2:02 a.m., 11 views

CVE-2025-10995 Open Babel zipstreamimpl.h underflow memory corruption

A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlibstream::basicunzipstreambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit...

CVSS 5.3, EPSS 0.00202
Exploits: 1, References: 5

OSV
added 2024/03/31 6:22 p.m., 15 views

BIT-MOODLE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 7.5, AI score 7.3, EPSS 0.00944
Exploits: 0, References: 5

OSV
added 2024/02/19 5:15 p.m., 4 views

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 7.5, AI score 7.3
Exploits: 0, References: 4

NVD
added 2024/02/19 5:15 p.m., 20 views

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 7.5, AI score 7.3, EPSS 0.00944
Exploits: 0, References: 4

Prion
added 2024/02/19 5:15 p.m., 13 views

Design/Logic Flaw

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 5, AI score 7.1, EPSS 0.00944
Exploits: 0, References: 4

UbuntuCve
added 2024/02/19 5:15 p.m., 16 views

CVE-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 7.5, AI score 7.1, EPSS 0.00944
Exploits: 0, References: 4

Cvelist
added 2024/02/19 4:31 p.m., 33 views

CVE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVSS 7.5, AI score 7.5, EPSS 0.00944
Exploits: 0, References: 4

CVE
added 2024/02/19 4:31 p.m., 110 views

CVE-2024-25978

CVE-2024-25978 : Moodle is affected by a denial-of-service risk due to insufficient file size checks in the file picker’s unzip functionality. The available connected documents confirm the vulnerability and its impact but do not provide concrete technical details such as affected versions or exac...

CVSS 7.5, AI score 7.2, EPSS 0.00944
Exploits: 0, References: 4, Affected Software: 1

seebug.org
added 2014/10/10 12:00 a.m., 33 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

No description provided by source. DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

AI score 7.1
Exploits: 0

exploitpack
added 2014/10/09 12:00 a.m., 27 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated...

AI score 0.4
Exploits: 0