
6 matches found

CVE
added 2026/06/05 6:20 p.m. · 22 views

CVE-2026-46392

HAX CMS (PHP, pre-26.0.0) has a case-sensitivity mismatch in HTML upload handling. The saveFile endpoint validates extensions case-insensitively but the .htaccess rule enforcing Content-Disposition: attachment for HTML is case-sensitive. As a result, an uploaded HTML file with an uppercase extens...

CVSS 8.7 · AI score 5.5 · EPSS 0.00223
Exploits: 0 · References: 1
OSV
added 2026/01/16 3:49 p.m. · 4 views

GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Summary: A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...

CVSS 8.1 · AI score 7.1 · EPSS 0.00619
Exploits: 1 · References: 4
Tenable Nessus
added 2015/07/01 12:0 a.m. · 28 views

FreeBSD : wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension (2a8b7d21-1ecc-11e5-a4a5-002590263bf5)

Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over th...

CVSS 4.3 · AI score 5 · EPSS 0.01715
Exploits: 0 · References: 5
FreeBSD
added 2015/06/28 12:0 a.m. · 29 views

wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension

Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...

CVSS 4.3 · AI score 4.9 · EPSS 0.01715
Exploits: 0 · References: 2
Positive Technologies
added 2003/06/11 12:0 a.m. · 5 views

PT-2003-1602 · Sun · Sun One Application Server

Name of the Vulnerable Software and Affected Versions: Sun ONE Application Server version 7.0
Description: The issue allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Recommendations: For Sun ONE...

CVSS 7.5 · AI score 6.5 · EPSS 0.27069
Exploits: 1 · References: 10
Positive Technologies
added 2000/06/08 12:0 a.m. · 7 views

PT-2000-1436 · Unify · Unify Ewave Servletexec

Name of the Vulnerable Software and Affected Versions: Unify eWave ServletExec affected versions not specified
Description: The issue allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in upper case...

CVSS 7.5 · AI score 6.5 · EPSS 0.02261
Exploits: 0 · References: 4