4 matches found
CVE-2020-36891
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...
alexandria.txt
Secunia Research 28/03/2003 - Alexandria-dev / sourceforge multiple vulnerabilities - Receive Secunia Security Advisories for free:...
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
The remote host seems to be running Alexandria-Dev, an open source project management system. The CGIs 'docman/new.php' and 'patch/index.php' can be used by an attacker with the proper credentials to upload a file and trick the server about its real location on the disk. Therefore, an attacker ma...
L-Forum XSS and upload spoofing
L-Forum XSS and upload spoofing PROGRAM: L-Forum VENDOR: Leszek Krupinski HOMEPAGE: http://l-forum.x-php.net/ VULNERABLE VERSIONS: 2.4.0, possibly others IMMUNE VERSIONS: none, but an official patch is available for some issues SEVERITY: high LOGIN REQUIRED: no DESCRIPTION: "L-Foru...