21 matches found
GHSA-GCQV-F29M-67GR October Rain has Stored XSS via SVG Filter Bypass
A stored cross-site scripting XSS vulnerability was identified in the SVG sanitization logic. The regex pattern used to strip on event handler attributes could be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries. Impact - Stored XSS via malicious SVG fil...
CVE-2026-29061
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...
CVE-2025-69220
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...
CVE-2023-28482
An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...
CVE-2023-33498
alist =3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file...
CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2025-27718
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or...
PT-2024-34919 · Unknown · Dang Ngoc Binh Audio Record
Name of the Vulnerable Software and Affected Versions: Dang Ngoc Binh Audio Record versions n/a through 1.0 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables remote hackers to uploa...
PT-2024-22868 · Mozilocms · Mozilocms
Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...
CVE-2023-43040
A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket...
PT-2022-27641 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: Pwndoc version 0.5.3 Description: An issue in the "/api/audits" component allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Recommendations: For Pwndoc version 0.5.3, consider disabling the...
CVE-2022-27083
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...
Tenda M3 命令注入漏洞
Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the component /cgi-bin/uploadAccessCodePic fails to properly filter the construction of command special characters, commands, etc., which can be exploited by attackers to cau...
CVE-2020-15734
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29...
PT-2020-3619 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.1 through 12.9 Description: The issue is related to parameter tampering on an upload feature, allowing unauthorized users to read content available under specific folders. This can lead to information disclosure,...
CVE-2015-5019
IBM Sterling Integrator 5.1 before 50100048 and Sterling B2B Integrator 5.2 before 50205009 allow remote authenticated users to read or upload files by leveraging a password-change requirement...
e107 Tap 2.0 Shell Upload
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...
MediaCluster (mcCMS) Shell Upload
========================================================================= MediaCluster mcCMS Arbitrary File Upload Vulnerability ========================================================================== +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+= +=+=+=...
Microsoft IIS Security Bypass Vulnerability (970483)
This host is missing a critical security update according to Microsoft Bulletin MS09-020. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
Update to 6.5, security fixes: SA-2008-047 http://drupal.org/node/318706 - File upload access bypass unprivileged file attach - Access rules bypass - BlogAPI access bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to...