39 matches found

RedhatCVE
added 2025/05/22 10:46 p.m. · 5 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS · 7.9 AI score · 0.00782 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 10:44 p.m. · 4 views

CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename...

9.8 CVSS · 7.8 AI score · 0.01018 EPSS
Exploits: 1 · References: 1
CVE
added 2025/04/15 12:0 a.m. · 46 views

CVE-2025-29281

CVE-2025-29281 affects PerfreeBlog 4.0.11, where an arbitrary file upload vulnerability in the attach component lets regular users upload files and execute code within them. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 8.8 (HIGH). Exploitation is descr...

8.8 CVSS · 7.7 AI score · 0.00324 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2025/01/15 11:15 p.m. · 17 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2 CVSS · 0.5388 EPSS
Exploits: 0 · References: 5
Vulnrichment
added 2025/01/07 12:0 a.m. · 8 views

CVE-2022-45185

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution...

7.7 AI score · 0.00367 EPSS
Exploits: 1 · References: 3
OSV
added 2024/08/13 4:15 a.m. · 0 views

CVE-2024-42375

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-20443

Name of the Vulnerable Software and Affected Versions Bludit affected versions not specified Description A security issue has been identified, allowing authenticated attackers to execute arbitrary code through the "Image API" endpoint. This issue arises from improper handling of file uploads,...

8.9 CVSS · 7.2 AI score · 0.00219 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2024/03/14 12:0 a.m. · 3 views

PT-2024-22427 · Zenml · Zenml

Name of the Vulnerable Software and Affected Versions: zenml version 0.55.4 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, exploiting an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle materializer.py...

8.8 CVSS · 7.2 AI score · 0.00106 EPSS
Exploits: 0 · References: 7
Vulnrichment
added 2023/09/12 9:32 a.m. · 5 views

CVE-2023-40731

A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...

5.7 CVSS · 8.6 AI score · 0.00156 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/04/15 12:0 a.m. · 1 views

Identifier withdrawn

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 contains a code injection vulnerability that could be exploited by a...

6.1 AI score
Exploits: 0
Cvelist
added 2019/10/24 5:30 p.m. · 11 views

CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files...

8.8 AI score · 0.00917 EPSS
Exploits: 1 · References: 1
Cvelist
added 2019/07/01 8:1 p.m. · 17 views

CVE-2019-7274

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...

9.7 AI score · 0.62918 EPSS
Exploits: 5 · References: 4
exploitpack
added 2018/10/11 12:0 a.m. · 83 views

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

jQuery-File-Upload 9.22.0 - Arbitrary File Upload Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The...

7.5 CVSS · 0.1 AI score · 0.93778 EPSS
Exploits: 15
seebug.org
added 2016/08/08 12:0 a.m. · 39 views

Samsung Security Manager 1.5 ActiveMQ Broker Service remote code execution vulnerability

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution",...

10 CVSS · 6.6 AI score · 0.08439 EPSS
Exploits: 2
CNVD
added 2015/11/10 12:0 a.m. · 2 views

Denial of Service Vulnerability in Multiple F5 Products (CNVD-2015-07477)

F5 BIG-IP Analytics and others are products of F5 Corporation, USA. f5 BIG-IP Analytics is a suite of web application performance analytics software. apm is a solution that provides secure and unified access to business-critical applications and networks. ltm is a local traffic manager. datastor...

9 CVSS · 7.5 AI score · 0.01324 EPSS
Exploits: 0 · References: 1
seebug.org
added 2014/07/01 12:0 a.m. · 16 views

SIRE 2.0 - Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17431/info SIRE is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate...

7.1 AI score
Exploits: 0
Exploit DB
added 2013/09/20 12:0 a.m. · 19 views

OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...

7.4 AI score
Exploits: 0
myhack58
added 2010/10/28 12:0 a.m. · 16 views

MY-CCMS All Ver File Upload 0day-vulnerability warning-the black bar safety net

The vulnerability is located in: manage/upload.php code province ! ! 111.jpg Download 22.49 KB 4 hours ago Also you can create new“. asp”directory, there is a skip directory vulnerability, etc. EXP: the form id="frmUpload" enctype="multipart/form-data" action="http://chemlg.com/manage/upload.php"...

0.4 AI score
Exploits: 0
exploitpack
added 2004/12/05 12:0 a.m. · 19 views

phpBB 1.0.0 - 2.0.10 - admin_cash.php Remote Code Execution

phpBB 1.0.02.0.10 - admincash.php Remote Code Execution / exploit for phpBB 1.0.0 - 2.0.10 edit the b4b0.php file with the correct url to your backdoor and the correct filename for your backdoor upload it to a webserver. gcc -o b4b0-phpbb b4b0-phpbb.c ./b4b0-phpbb telnet greets to b4b0 -- evilrab...

0.1 AI score
Exploits: 0