Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9d
Online Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648
This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2e
Travel Management System Project version 1.0 suffers from an arbitrary file upload vulnerability.
759d3158646088d395fadb366a34f4e08fcbf04963fd9527824e9428498ffc2b
Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbd
Online Notice Board System version 1.0 suffers from an arbitrary file upload vulnerability.
ab3ddd76fa0a76019b10579096221df8438dc75c5be821cc1ebffb0b0e85e47b
Online Bus Ticket Booking Website version 1.0 suffers from an arbitrary file upload vulnerability.
d02b982816fa96d983d448b4dac321ae5fc15af8c9aaf37b74b02f7189a5feb4
Expense Management System version 1.0 suffers from an arbitrary file upload vulnerability.
66dcc2bef5476bdd41cb8a565bbbb520bf475144f6f9a701f2b3796408386473
Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.
0b11185c3ea1add14d0fab396e3abc79b89450ee26fe1d4c4eb27856f33193ea
This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0
Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.
1ac1abe713bae44f313173560ae4b2399dcbac5f41ce3ca8ddd25b5daa57b3ff
Crime Complaints Reporting Management System version 1.0 suffers from an arbitrary file upload vulnerability.
3cc5618e76f72a62cd86bf2b3fd5f9a047a06734d88af32677fe76edb0e529b0
Student Attendance Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8301589003c010f20ac529eb42cbb71ab3534415a910f9e4049f5a4439af953d
Online Travel Agency System version 1.0 suffers from an arbitrary file upload vulnerability.
5d679af79681b3230bebbb01358d179220b220e1d69d8bcf6fa3c2dfc830be0f
Hostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.
27f8218a09b1dbd02541ebb3a01b906007cc837ea1498cdeb2bc7e08eaf27619
This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work MediaWiki must be configured to accept upload of SVG files. If anonymous uploads are allowed the username and password arent required, otherwise they are. This Metasploit module has been tested successfully on MediaWiki 1.19.4, 1.20.3 on Ubuntu 10.04 and Ubuntu 12.10. Older versions were also tested but do not seem to be vulnerable to this vulnerability. The following MediaWiki requirements must be met: File upload must be enabled, $wgFileExtensions[] must include svg, $wgSVGConverter must be set to something other than false.
71615d7c455fb2156a5414c500e8bff8843420ced30f06fff70abbf96f287ac8
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
f20ed46e990bc49e51e4df52537ec564d571907ef6c1bab6631f3044e0db35c8
This Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.
aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838
Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.
b2b6b9ccd306227cb678af1bbff8e4fca60932e849a1f798914a7c8e6a43a1de
File Management System version 1.0 suffers from an arbitrary file upload vulnerability.
d7190aeb73675b4c80d6ccca7878d2547c38a9ee67ce2c6eb9c502dbff60d004
CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
dc50ee27904a926af74bf8f7250aab4eeedc989557ba1792b18fa14c73568744
Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.
21c5ff52ac4e90c5da3505e6a12e81117f3b56db76ac19fc375e8dd30243e7ee
Online Diagnostic Lab Management System version 1.0 suffers from an arbitrary file upload vulnerability.
978b02141f2137df791b40707a42365e446471161ea7eb4df651cfd5ff222dd8
Biobook Social Networking Site version 1.0 suffers from an arbitrary file upload vulnerability.
eea7a63452086fbc6b26395926afd32c8db7ed26cb64e63041d07be948f52e93
Job Castle version 1.0 suffers from an arbitrary file upload vulnerability.
f14162d4a77d52793d3dc53ca757b4ad8ff9f17c72b6660e345b95221d53f069