13 matches found
PT-2025-25502 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous comfyui versions up to 0.3.39 Description: A vulnerability was found in the file /upload/image of the component, allowing for cross-site scripting through the manipulation of the image argument. This issue can be exploited...
CVE-2025-2744
CVE-2025-2744 affects zhijiantianya ruoyi-vue-pro 2.4.1, specifically the Material Upload Interface’s /admin-api/mp/material/upload-news-image endpoint. The vulnerability arises from manipulation of the File argument, enabling path traversal and remote exploitation. Multiple connected sources sta...
PT-2024-17544
Name of the Vulnerable Software and Affected Versions: Jirafeau (affected versions not specified) Description: The issue concerns a case-insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitatio...
CVE-2024-9815
Codezips Tourist Management System 1.0 contains a vulnerability in /admin/create-package.php where the packageimage parameter enables unrestricted file uploads. Multiple connected sources confirm remote, unauthenticated-like exposure via this parameter, with the issue described as critical. Pract...
PT-2024-3652 · D Link · D-Link Dar-7000-40
Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000-40 version V31R02B1413C Description: A critical vulnerability has been found in the D-Link DAR-7000-40, affecting an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument...
File Integrity Manipulation
psitransfer is vulnerable to File Integrity Manipulation. The vulnerability is due to the lack of proper access controls or restrictions on the endpoint designed for uploading files, allowing an attacker with the file distribution ID to alter the files within that distribution...
CVE-2023-50164
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
Design/Logic Flaw
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
Out-of-bounds
A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1fileupload leads to unrestricted...
Bitdefender Safepay Access Control Error Vulnerability
Bitdefender SafePay is a secure browser. The Access Control Error vulnerability, which previously existed in Bitdefender Safepay version 25.0.7.29, stems from an Authentication Error vulnerability in Bitdefender Safepay, which can be exploited by an attacker to manipulate the browser's file uploa...
Bitdefender SafePay Access Control Error Vulnerability
Bitdefender SafePay is a secure browser. The Access Control Error vulnerability, which previously existed in Bitdefender Safepay version 25.0.7.29, stems from an Authentication Error vulnerability in Bitdefender Safepay, which can be exploited by an attacker to manipulate the browser's file uploa...
Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities
The version of Apache Struts installed on the remote host is 2.x prior to or equal to 2.5.20. It is, therefore, affected by multiple vulnerabilities: - The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id, so it is...
PHP and ASP are two kinds of script upload vulnerability explore-exploit warning-the black bar safety net
1 pass exploit the principles just for the form format of the upload of asp and php scripts ncnetcat For the submission packet the dos interface to run under: nc-vv www.. com 8 01.txt -vv: echo 8 0: the www port 1.txt: is your data packet to be transmitted use of more methods, please check this...