exploit the possibilities
Showing 1 - 2 of 2 RSS Feed

CVE-2018-11091

Status Candidate

Overview

An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.

Related Files

FreeBSD Security Advisory - FreeBSD-SA-19:26.mcu
Posted Nov 12, 2019
Authored by InTeL | Site security.freebsd.org

FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11135, CVE-2019-11139
MD5 | 3f292061289055eb717818fe052c4a7b
MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting
Posted May 14, 2018
Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh, Ahmad Ramadhan Amizudin | Site sec-consult.com

MyBiz MyProcureNet version 5.0.0 suffers from remote file upload and cross site scripting vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload
advisories | CVE-2018-11091, CVE-2018-11090
MD5 | 9d259792840d984bdc75e2b482b86e96
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close