CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, uploading a file with malicious content via funcionarios/docdependente_upload.php returns an overly descriptive error message, causing information disclosure and expanding the attack surface. The vulnerability is fix...

CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

PT-2026-3216

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

DaaS-Hosting-Failed to update the master image associated with the provisioning scheme.

While changing Master Image in AWS throwing an error "Failed to update the master image associated with the provisioning scheme." Export of error details: Transaction ID: xxxxxxxxxxxxxxxxx Action Name: MCUpdateMachineCatalog Exception: StudioErrorId : ProvisioningTaskError ErrorCategory :...

CVE-2024-11265

The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3. This is due to returning image upload error messages with full path information. This makes it possible for authenticated...

BIT-JOOMLA-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application...

Chamilo v1.11.24 Unrestricted File Upload PHP Webshell

Chamilo LMS is a free software e-learning and content management system. In versions prior to use exploit/linux/http/chamilobiguploadwebshell msf exploitchamilobiguploadwebshell show targets ...targets... msf exploitchamilobiguploadwebshell set TARGET msf exploitchamilobiguploadwebshell show...

PT-2024-7405 · Siemens · Simatic Reader Rf615R +11

Name of the Vulnerable Software and Affected Versions: SIMATIC Reader RF610R CMIIT versions prior to V4.2 SIMATIC Reader RF610R ETSI versions prior to V4.2 SIMATIC Reader RF610R FCC versions prior to V4.2 SIMATIC Reader RF615R CMIIT versions prior to V4.2 SIMATIC Reader RF615R ETSI versions prior...

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 PoC This repository contains a Proof of Con...

Error when uploading the upload_compliance_result.xml file.

Error - 'You have not chosen to trust "Baltimore CyberTrust Root", the issuer of the server's security certificate.doHandshake failed! ' when uploading the uploadcomplianceresult.xml file...

Error: "File too large" when upload customized login schema xml file to ADC

1. When add login schema via ADC cli, below erro will prompt: 2. When add login schema via, below GUI error will show:...

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from a program upload operation of an XML file that results in ...

Unable to Add/Upload an SSL Certificate/Key Pair to the CloudBridge: “Execution Error”

When configuring an SSL Profile the ssl certificate/key pair must be previously uploaded. The following error message is displayed when trying to upload the Certificate file extension .cer: Please correct any problems and resubmit your request Execution error...

Empire cms backstage to get a shell vulnerability and fix-vulnerability warning-the black bar safety net

The first method: add a custom page 6.0 on experiment success Template management - add custom page - page name casually--file name: xx. asp;. html--the page content--pony copy the contents into it Save the post and then the Admin page Click you can go see your horse, generally in the root...

PHP iCalendar 2.24 - cookie_language Local File Inclusion Arbitrary File Upload

PHP iCalendar 2.24 - cookielanguage Local File Inclusion Arbitrary File Upload '.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. el...

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload ?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit -------------------------------------------------------------------------...