This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). The vulnerability is triggered when an attacker supplied username with a malicious payload is submitted. This malicious payload is then stored in a TPL template which when rendered a second time, results in code execution.
69a0f4388bcdfe1db7116c0d2b6663a925f860d9e3598da1d2bb51cf94a6700fThis Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/ Definitions.php:blockedExtensions(). This module was tested on October CMS version version 1.0.412 on Ubuntu.
018cfd6c1eb8529baff5fa0a0a5365e86412dcf24e53e0a9dac7f7b274f80338Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.
0e5c78b52a8faacfdb2de57265661b6c719a85c4847298f55630458f64d9b2edMonstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.
1887578bc1177ca40a87f7026a635f2de84eb4fde318ce454bb39c39bf591148This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
fd1838461438181db5479d38d1d1a6bb70ccdcb0e64b5040c592f5b4d3e3b3c7This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
cd8509a13a4fadd5aa08a73c50a37e6e2a9bfc372d03a5e3789206904923adf9This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.
4cbc4f10623c015fe72317b111015c9c54dcbf8fdddd9d0a7b8d9e1a06c5b330DiskBoss Enterprise version 8.4.16 suffers from an import command buffer overflow vulnerability.
d7c0ede8c236e11bbaad0ae423654cad914ee3e9daac54527d87d869ba12f6a9DiskBoss Enterprise version 8.4.16 buffer overflow proof of concept exploit.
a6fdae67ed7fbf00f947fcf9d2978c0118c03da4e4413bceed8fb193d9da5b1d30 bytes small Linux/x86_64 mkdir() shellcode.
3154b02a88675f37e8780c81b32546679ba6686baf27481ec41777b0a348c642Easy RM RMVB to DVD Burner version 18.11 buffer overflow exploit.
0e6caeaabff62e5b13661c152cc35327130cb5693f71488479e4f3a2ad4a8b9eEasy WMV/ASF/ASX to DVD Burner version 2.3.11 buffer overflow exploit.
e32cd0f9d448918e1a94e76e77bfb0ff63cbbf3418eb1d6d9c56182c8950bec5153 bytes small Linux/x86-64 reverse TCP shell shellcode that binds to 192.168.1.2:4444.
8b515c4af9fd6072328a06afeedd6ffde3a78da3aa4cdccef2dfa347f402c019RealTime RWR-3G-100 router suffers from a cross site request forgery vulnerability.
9958db6e4a33e71786b0330d416a220f1c73c39d6218e05719d261b1aae1c47aPiwigo User Tag plugin version 0.9.0 suffers from a cross site scripting vulnerability.
eca16ec9ac75f9160152a2940e049c3769c072813d65672d639e732dae29b8eeVehicleWorkshop suffers from a remote file upload vulnerability.
d432afd836ca92cee5515ba67567d6329a5ad23eae90e05a8d2bc57a312f34b9VehicleWorkshop suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0bd45c9f3ab5b3cdca856bbe8862d749b5c68c5efa5fb016a3e7901d024a0f44Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability.
72fcbe905756ed1d42583e8d6fcd1c8a372e756ccb0cc06867748487c3ce9915Easy File Sharing Web Server version 7.2 suffers from an authentication bypass vulnerability. suffers from a bypass vulnerability.
570b5f08978aa0a7fc9b1fd1bf9dfdca0cbfbd6fd0cbce1b9f589eab22ef8f0131 bytes small Linux/x86-64 JMP CALL POP /bin/sh shellcode.
95dad731ba6f9381cfcdea23e78eed4588b15b3cc9e26f9b88bfc03648697c81Piwigo Facetag plugin version 0.0.3 suffers from a remote SQL injection vulnerability.
3f72fcb8ece0adc26b0ccbdbcfeb68fd34b23af7b91df6f5b9dc2fe3a3041a20Aries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.
e5003c524c37548060cc231edf0fc24067399ffb00f05fa475cf690683a5c17dPlaySMS version 1.4 suffers from a remote code execution vulnerability.
3c8a63c95cb5cd39de2c05874efd2f98a9c719765b28143345cabc3ef991b525D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.
d2de4c1ec6d915ce30568940e60b15df8daef411482a245f56c00ebbe5c653baPlaySms version 1.4 suffers from a remote code execution vulnerability.
9878587e8dfdd2451061b778be33b8def9e7dcb8aa71d1ad6556d9627a73ab36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed