24 matches found
EUVD-2012-2613
Malware in sbrugna...
GHSA-C96R-38GV-GRP4 ShopXO Server-Side Request Forgery Vulnerability
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
ShopXO Server-Side Request Forgery Vulnerability
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
CVE-2024-6524
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
CVE-2024-6524 ShopXO Uploader.php server-side request forgery
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2018-25002
CVE-2018-25002 affects the Drupal KCFinder integration (uploader.php) through 2018-06-01, where input validation is mishandled. The issue originates from the KCFinder integration project and is associated with SA-CONTRIB-2018-024. NVD lists CVSS v3.1 base score 8.8 (HIGH) with NETWORK attack vect...
Cross site scripting
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php...
CVE-2017-12139
CVE-2017-12139 affects XOOPS Core 2.5.8 with a stored XSS in imagemanager.php due to missing MIME type validation in htdocs/class/uploader.php. The issue is caused by inadequate validation of uploaded content, enabling an attacker to inject malicious script when the affected page is viewed. Conne...
WordPress Category-Page-Icons plugin - wpdev-flash-uploader.php file - file upload vulnerability
No description provided by source...
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerability Author : Manish Kishan Tanwar AKA error1046 Home Page :...
minimal ablog 0.4 (sql/fu/bypass) Multiple Vulnerabilities
No description provided by source. minimal-ablog 0.4 SQL Injection, File Upload and Admin Bypass Vuln Software : minimal-ablog version 0.4 Vendor : http://www.abweb.co.cc/ Download :...
WordPress Silverlight Media Player Plugin <= 0.8 - XSS
Because of this vulnerability in uploader.php, attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution: Update the plugin...
Wordpress User Meta Version 1.1.1 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress User Meta Version 1.1.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/user-meta/framework/helper/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://user-meta.com/ Software Link:...
arab3 Upload Cross Site Scripting
Title : arab3 upload Cross Site Scripting By Pass Vulnerability | Author : indoushka | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts...
Design/Logic Flaw
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request...
CVE-2008-6613
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request...
CVE-2008-6613
CVE-2008-6613 affects minimal-ablog 0.4, where uploader.php fails to properly restrict access. This allows remote attackers to gain administrative privileges via a direct request. The description and linked references confirm the component and impact but do not provide exploit details, affected v...