what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

TomatoCMS Arbitrary File Upload
Posted Jun 4, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused by an error in the validation of uploaded image files while adding a new article. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. Successful exploitation requires "Add new article", "Upload file to server", and "Browse uploaded files" permissions. Version 2.0.6 is affected.

tags | advisory, arbitrary, php
advisories | CVE-2010-1514
MD5 | eecd0eddeebf937f4848b828a1fc8796
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
New Attack Exploiting Bluetooth Weakness Intercepts Data
Posted Aug 17, 2019

tags | headline, privacy, wireless, data loss, flaw
Google Wants To Reduce HTTPS Cert Lifetimes To 1 Year
Posted Aug 17, 2019

tags | headline, privacy, google, cryptography
European Central Bank Confirms BIRD Site Hacked
Posted Aug 17, 2019

tags | headline, hacker, government, privacy, bank, data loss
NSA Asks Congress To Permanently Reauthorize Spying Program
Posted Aug 17, 2019

tags | headline, government, privacy, usa, phone, spyware, nsa
We Asked Def Con Attendees Why People Are Still Getting Hacked
Posted Aug 16, 2019

tags | headline, hacker, conference
Judge Orders Georgia To Switch To Paper Ballots For 2020 Elections
Posted Aug 16, 2019

tags | headline, government, usa, fraud
Huawei Africa Spying Claims Denied
Posted Aug 16, 2019

tags | headline, government, china, africa, spyware, facebook
Trump Admin Wants To Extend NSA Phone Surveillance Program
Posted Aug 16, 2019

tags | headline, government, privacy, usa, phone, spyware, nsa
Amazon's Rekognition Software Can Now Spot Fear
Posted Aug 15, 2019

tags | headline, amazon, science
Biostar Security Software Leaked A Million Fingerprints
Posted Aug 15, 2019

tags | headline, data loss, password
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close