12 matches found
EUVD-2008-7137
Malware in sbrugna...
PT-2025-40519
Name of the Vulnerable Software and Affected Versions: MetInfo CMS version 8.0. Description: A stored Cross-Site Scripting (XSS) flaw exists due to inadequate validation and sanitization of SVG file uploads within the appsystemincludemoduleeditorUploader.class.php component. This allows attackers to...
CVE-2021-43787
NodeBB is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...
GHSA-29XX-FHFF-36M7 Liferay Portal vulnerable to Denial of Service
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, whic...
GHSA-WX69-RVG3-X7FC XSS via prototype pollution in NodeBB
Impact: A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report...
XSS via prototype pollution in NodeBB
Impact: A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report...
CVE-2021-43787 XSS via prototype pollution
NodeBB is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...
CVE-2015-2087
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors...
CVE-2008-7178
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...
Directory traversal
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...
CVE-2008-7178
The CVE-2008-7178 issue affects XOOPS Uploader module 1.1, exposing a Directory Traversal vulnerability. An attacker can read arbitrary files by supplying ".." in the filename parameter of the downloadfile action to index.php, enabling remote access to sensitive files. The vulnerability is docume...
CVE-2008-7178
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php...