11 matches found

Cvelist
added 2026/05/12 9:9 p.m., 27 views

CVE-2026-45225 Heym < 0.0.21 Path Traversal File Upload via upload_file()

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6 CVSS, 0.0004 EPSS
Exploits: 0, References: 4

NVD
added 2025/11/18 8:15 p.m., 3 views

CVE-2025-63228

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unauthenticated file upload vulnerability in the /uploadfile.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploade...

9.8 CVSS, 0.00882 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2025/11/18 12:0 a.m., 3 views

CVE-2025-63228

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unauthenticated file upload vulnerability in the /uploadfile.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploade...

7.8 AI score, 0.00882 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/03/30 12:59 a.m., 13 views

CVE-2024-56975

InvoicePlane (all versions tested as of December 2024, v.1.6.11 and before) contains a remote code execution vulnerability in the uploadfile method of the Upload controller...

9.8 CVSS, 8.2 AI score, 0.00875 EPSS
Exploits: 0, References: 1

OSV
added 2025/03/28 9:15 p.m., 6 views

CVE-2024-56975

InvoicePlane (all versions tested as of December 2024, v.1.6.11 and before) contains a remote code execution vulnerability in the uploadfile method of the Upload controller...

9.8 CVSS, 7.8 AI score
Exploits: 0, References: 2

Vulnrichment
added 2024/12/16 10:31 a.m., 9 views

CVE-2024-12478 InvoicePlane 1 upload_file unrestricted upload

A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function uploadfile of the file /index.php/upload/uploadfile/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The...

6.5 CVSS, 6.8 AI score, 0.00021 EPSS
Exploits: 0, References: 5

OSV
added 2021/08/10 6:15 p.m., 1 views

CVE-2021-28840

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the uploadconfig function of sbin/httpd binary...

7.5 CVSS, 5.8 AI score, 0.01044 EPSS
Exploits: 1, References: 3

CNNVD
added 2021/08/10 12:0 a.m., 1 views

Code issue vulnerability in multiple D-Link products

The D-Link DAP-2310 is a single-band wireless network access point for small businesses or schools that need a fast and reliable wireless network. The DAP-2330 is a wireless N300 single-band PoE access point. A null pointer dereference vulnerability exists in several D-Link products. The...

7.5 CVSS, 5.7 AI score, 0.01044 EPSS
Exploits: 1, References: 4

OSV
added 2018/04/10 6:29 p.m., 11 views

CVE-2018-9037

Monstra CMS 3.0.4 allows remote code execution via an uploadfile request for a .zip file, which is automatically extracted and may contain .php files...

8.8 CVSS, 8.2 AI score
Exploits: 0, References: 2

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Constructr CMS 3.03 Arbitrary File Upload

No description provided by source. #!/usr/bin/env perl; Constructr CMS 3.03 Arbitrary File Upload; Author: plucky; Email: [email protected]; Vulnerable Page: /constructr/backend/media.php line; App Download: http://sourceforge.net/projects/constructr/; Date: 23/03/2011; THX TO: yawn, shrod, h473 and...

7.1 AI score
Exploits: 0

Packet Storm
added 2013/04/22 12:0 a.m., 20 views

Janissaries Joomla Civicrm Shell Upload

Janissaries Joomla ComCivicrm Exploitation Tool with MultiThread; Coded by Miyachung; Stay away from lamers o.O; Contact: [email protected]; Special Thanks : B127Y; Site:...

0.9 AI score
Exploits: 0