Unrestricted File Upload

Title	Vulnerabilities	Programs	Authors
Hitting the jackpot with RCE!	RCE Unrestricted File Upload	Undisclosed	Gokulsspace (@GokTest)
Traccar 5 Remote Code Execution Vulnerabilities	RCE Unrestricted File Upload Path Traversal Security Code Review	Traccar	Naveen Sunkavally
From Discovery to Disclosure: ReCrystallize Server Vulnerabilities	Default Credentials LFI Authentication Bypass Privilege Escalation Unrestricted File Upload RCE	ReCrystallize Software	Paul Van Der Haas (@PvdH)
CVE-2023-25365 / XSS via file upload bypass	Stored XSS Unrestricted File Upload	October CMS	Cupc4k3 Gabriel v. Mendes
Unrestricted File Upload Lead to Stored XSS at Microsoft main domain	Unrestricted File Upload Stored XSS	Microsoft	Sokol Çavdarbasha (@Sokolicav)
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise	Account Takeover Information Disclosure RCE Unrestricted File Upload Stored XSS Arbitrary File Read Local Privilege Escalation Path Traversal DoS IDOR Hardcoded Credentials	PandoraFMS	Oliver Brooks
$7000 Bounty on a Single Web Application	RCE Unrestricted File Upload Stored XSS Reflected XSS Account Takeover IDOR Logic Flaw	Undisclosed	Amir Abbas (@ImAyrix)
Revisiting an Old Bug: File Upload to Code Execution	Unrestricted File Upload RCE	Visualware	B0yd (@Rwincey)
Technical Advisory: Vulnerabilities Identified within ListServ	CSRF Samesite Cookie Bypass Reflected XSS Stored XSS Unrestricted File Upload DLL Hijacking Local Privilege Escalation Buffer Overflow Memory Corruption	ListServ	Adam Crosser
Unveiling RCE on Dutch Government Website	RCE Unrestricted File Upload	Dutch Government	Nayeem Islam (@Nayeems3c)
RCE on Application’s Tracking Admin Panel	RCE Unrestricted File Upload	Undisclosed	Nithissh
Multiple Vulnerabilities In Cockpit CMS <= V2.5.2	CSRF Unrestricted File Upload RCE XSS IDOR Security Code Review	Cockpit CMS	GhostCcamm (@GhostCcamm)
Sony Bravia Remote Code Execution Disclosure	RCE Unrestricted File Upload RFI	Sony	Brett DeWall (@Xbadbiddyx) Michael Rand
A deep-dive on Pluck CMS vulnerability CVE-2023-25828	Unrestricted File Upload RCE Security Code Review	Pluck CMS	Matthew Hogg
How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain	RCE Unrestricted File Upload Stored XSS Information Disclosure Directory Listing	Undisclosed	Aayush Vishnoi (@AayushVishnoi10)
When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities	SSRF Unrestricted File Upload Path Traversal Cloud	Microsoft (Azure)	Liv Matan (@TerminatorLM)
Apache Solr 8.3.1 RCE from exposed administration interface	RCE Unrestricted File Upload XSLT Injection Path Traversal	Apache Solr	Nicolas Brunner
Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera	RCE Unrestricted File Upload Path Traversal Security Code Review	Oracle (Opera)	Shubham Shah (@Infosec_au) Sean Yeoh (@Seanyeoh) Brendan Scarvell (@Bscarvell) Jason Haddix (@Jhaddix)
Bug Bounty: como encontrei o bug Unrestricted File Upload	Unrestricted File Upload	Undisclosed	Paulo Mota
The Tale of a Command Injection by Changing the Logo	RCE OS Command Injection Unrestricted File Upload Directory Listing HTTP Response Manipulation	Undisclosed	0xrz (@Omidxrz)
Zip bomb attack	Zip Bomb DoS Unrestricted File Upload	Undisclosed	Ramkumar Nadar
Disabling js for the win	Unrestricted File Upload RCE	Undisclosed	Vuk Ivanovic
CentreStack Disclosure	Authentication Bypass Password Reset Unrestricted File Upload RCE	Gladinet (CentreStack)	Michael Rand
CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE)	RCE Unrestricted File Upload Zip Slip Attack	Oracle	@Vudq16 Q5Ca (@_Q5ca) @Hoangnx99
Lexmark MC3224adwe RCE exploit	RCE SSRF Printer Hacking Unrestricted File Upload Local Privilege Escalation	Lexmark	Blasty (@Bl4sty)

Page 1 of 4