17 matches found
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
XSS through document upload
This report is not public...
SUSE CVE-2019-18807
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11...
CVE-2022-30007
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server...
SourceCodester Online Clothing Store Code Issue Vulnerability
SourceCodester Online Clothing Store is a website builder system from SourceCodester, Inc. that provides online clothing store functionality. A security vulnerability exists in SourceCodester Online Clothing Store version 1.0, which is caused by an arbitrary file upload in the image upload functi...
X (Formerly Twitter): XSS and cache poisoning via upload.twitter.com on ton.twitter.com
Hi, I would like to report an issue where attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning. Detail When using upload.twitter.com to upload audience data, it checks if the file type is allowed and rejects any harmful files e.g...
Boomchat 4.2 Shell Upload
| Title : boomchat-v4.2 Upload Vulnerability | Author : indoushka | email : [email protected] | Dork : no 4 noob | Tested on: Win8 fr pro | Bug : Upload | Download : www.20script.ir ======================================= 1- register in script 4 chat 2- change photo of profil 3- chang evil...
Getsimple CMS 2.03 - upload-ajax.php Arbitrary File Upload
Getsimple CMS 2.03 - upload-ajax.php Arbitrary File Upload source: https://www.securityfocus.com/bid/46427/info GetSimple CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files...
sasp cms (fckeditor) shell upload Vulnerability
Exploit for php platform in category web applications =============================================== sasp cms fckeditor shell upload Vulnerability =============================================== Author: ashiyane digital security team Version: 0.9 Category:: upload bug discovered by:ramin bazghan...
Family Connections 1.8.2 Arbitrary File Upload
Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Arbitrary File Upload + Exploitation: Remote + Date: 3 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
K&S Shopsysteme Arbitrary Remote File Upload Vulnerability
No description provided by source. Script Name: Shopsysteme new version oscommerce Download: http://www.shopsystem-forum.de/productinfo.php?cPath=22&productsid=43 299 euro : Author: mNt File Upload Bug Google Dork: intext:Powered by K&S Media Concept - Shopsysteme Powered by K&S Media Concept -...
KS Shopsysteme - Arbitrary File Upload
KS Shopsysteme - Arbitrary File Upload Script Name: Shopsysteme new version oscommerce Download: http://www.shopsystem-forum.de/productinfo.php?cPath=22&productsid=43 299 euro : Author: mNt File Upload Bug Google Dork: intext:Powered by K&S Media Concept - Shopsysteme Powered by K&S Media Concept...
K&S Shopsysteme Arbitrary Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ========================================================== K&S Shopsysteme Arbitrary Remote File Upload Vulnerability ========================================================== Script Name: Shopsysteme new version oscommerce Download:...
w3blabor CMS 3.0.5 Arbitrary File Upload & LFI Exploit
No description provided by source. #!/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qw(POST); use Getopt::Long; Security Research...
DUgallery - ALL VERSIONS (Upload/SQL/) Multiple Remote Vulnerabilities
DUgallery - ALL VERSIONS! Discovered bay : AleminKrali my blog: al3m.blogspot.com inurl:pic.asp?iCat= inurl:cat.asp?iCat= - 1-Upload Bug HIGH!!! 75 success new! 1-OPEN firefox 2-tools options content JavaScript Not Active! and save.re open firefox. http://site.com/path/add.asp == upload your Asp...
easycms.txt
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities ---------------------------------------------------- site:http://sourceforge.net/projects/php-easy-cms/ demo:http://www.easy-cms.be/ -------------------------------------------------- Bug: 1http://victim/choosefile.php Documents Images Scripts Style...
DoKuWiki file-upload vulnerabilities
ADZ Security Team =================== Info Program: DoKuWiki Version: 2005-02-18 Module: media.php Bug type: File Upload bug Vendor site: http://wiki.splitbrain.org/ Vendor Informed: Yes =================== Bug Info Remote user with file-upload privileges can upload anyone file with any...