10 matches found
EUVD-2026-42385
Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...
PT-2026-56574
Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.8 MOVEit Transfer versions 2025.1.0 through 2025.1.3 Description Progress MOVEit Transfer contains a path equivalence issue within its File Upload modules. This flaw has been targeted by numerous...
CVE-2026-38751
CVE-2026-38751 affects OpenSTAManager versions prior to 2.11 (2.10 and earlier) and is an arbitrary file upload vulnerability in the module update endpoint (modules/aggiornamenti/upload_modules.php). The Red Hat/NVD/CVE records, along with PT-Security and CVE enrichment sources, confirm a vulnera...
CVE-2025-26496
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux File Upload modules allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19...
CVE-2025-26496
CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...
GHSA-5CMG-8M8P-WHMJ GeniXCMS arbitrary PHP code execution
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...
Design/Logic Flaw
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...
CVE-2017-14764
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...
CVE-2017-14764
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...
Fedora 16 : drupal6-6.27-1.fc16 / drupal7-7.18-1.fc16 (2012-20794)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...