Lucene search
K

116 matches found

NVD
NVD
added 2025/10/21 5:15 p.m.5 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

7.2CVSS0.00482EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-28180

Malicious code in bioql PyPI...

2.6CVSS6.6AI score0.00263EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.5 views

PT-2025-32551 · Unknown · Auxilium Ratemypet

Name of the Vulnerable Software and Affected Versions: Auxilium RateMyPet affected versions not specified Description: Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in the upload banners.php file. The banner upload feature does not validate file types or requi...

9.3CVSS7AI score0.01391EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.16 views

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

9.3CVSS7.7AI score0.01245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.16 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

9.3CVSS8.2AI score0.01145EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/08 6:14 p.m.14 views

CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

9.3CVSS0.01141EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/08 6:14 p.m.6 views

CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

9.3CVSS8AI score0.01141EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:13 a.m.6 views

CVE-2024-30252

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is ...

2.6CVSS6.5AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2025/02/13 1:15 a.m.10 views

CVE-2025-25286

Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in...

9.8CVSS0.00937EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.6 views

Crayfish 安全漏洞

Crayfish is a collection of Islandora microservices open-sourced by Islandora. A security vulnerability exists in Crayfish that stems from remote code execution that can occur in Homarus installations that are accessible via the Web under certain configurations...

9.8CVSS7.7AI score0.00937EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.4 views

PT-2025-7251 · Hypercube · Hypercube

Name of the Vulnerable Software and Affected Versions: hypercube affected versions not specified Description: The issue allows for remote code execution in web-accessible installations of hypercube. To exploit this, an attacker must make a request against hypercube's endpoints. Standard security...

9.5CVSS7.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/01/15 10:4 p.m.20 views

Crayfish allows Remote Code Execution via Homarus Authorization header

Impact Remote code execution may be possible in web-accessible installations of Homarus in certain configurations. Patches The issue has been patched in islandora/crayfish:4.1.0 Workarounds The exploit requires making a request against the Homarus's /convert endpoint; therefore, the ability to...

9.8CVSS7.5AI score0.00937EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/04/29 5:15 p.m.3 views

DEBIAN-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

9.8CVSS5.6AI score0.00719EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-23299 · Livemarks · Livemarks

Name of the Vulnerable Software and Affected Versions: Livemarks versions prior to 3.7 Description: The issue allows a malicious website to coerce the extension into sending an authenticated GET request to an arbitrary URL, potentially leading to Privilege Escalation. This occurs because the...

2.6CVSS7AI score0.00263EPSS
Exploits0References8
Veracode
Veracode
added 2024/02/27 9:45 a.m.26 views

Information Disclosure

microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured...

5.4CVSS6.9AI score0.02203EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2023/12/06 1:50 p.m.28 views

Information Disclosure

microsoft/microsoft-graph is vulnerable to Information Disclosure. The vulnerability exists in the phpinfo function of GetPhpInfo.php, allowing an attacker to access unauthorized system information such as configuration details, modules, and environment variables. This vulnerability is only...

5.4CVSS6.5AI score0.02203EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/12/05 11:15 p.m.23 views

Design/Logic Flaw

msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...

5CVSS6.9AI score0.02203EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/09/29 8:39 p.m.18 views

GHSA-JM6M-4632-36HF Composer Remote Code Execution vulnerability via web-accessible composer.phar

Impact Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Patches 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds Make sure registerargcargv i...

8.8CVSS7.2AI score0.0139EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/09/29 8:39 p.m.127 views

Composer Remote Code Execution vulnerability via web-accessible composer.phar

Impact Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Patches 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds Make sure registerargcargv i...

8.8CVSS7.2AI score0.0139EPSS
Exploits0References10Affected Software1
FreeBSD
FreeBSD
added 2023/09/29 12:0 a.m.26 views

Remote Code Execution via web-accessible composer

Composer project reports: Description: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Workaround: Make sure registerargcargv is disabled in php.ini, and...

8.8CVSS7AI score0.0139EPSS
Exploits0References1
Rows per page
Query Builder