Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9dOnline Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2eTravel Management System Project version 1.0 suffers from an arbitrary file upload vulnerability.
759d3158646088d395fadb366a34f4e08fcbf04963fd9527824e9428498ffc2bOnline Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbdOnline Notice Board System version 1.0 suffers from an arbitrary file upload vulnerability.
ab3ddd76fa0a76019b10579096221df8438dc75c5be821cc1ebffb0b0e85e47bOnline Bus Ticket Booking Website version 1.0 suffers from an arbitrary file upload vulnerability.
d02b982816fa96d983d448b4dac321ae5fc15af8c9aaf37b74b02f7189a5feb4Expense Management System version 1.0 suffers from an arbitrary file upload vulnerability.
66dcc2bef5476bdd41cb8a565bbbb520bf475144f6f9a701f2b3796408386473Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.
0b11185c3ea1add14d0fab396e3abc79b89450ee26fe1d4c4eb27856f33193eaThis Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.
1ac1abe713bae44f313173560ae4b2399dcbac5f41ce3ca8ddd25b5daa57b3ffCrime Complaints Reporting Management System version 1.0 suffers from an arbitrary file upload vulnerability.
3cc5618e76f72a62cd86bf2b3fd5f9a047a06734d88af32677fe76edb0e529b0Student Attendance Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8301589003c010f20ac529eb42cbb71ab3534415a910f9e4049f5a4439af953dOnline Travel Agency System version 1.0 suffers from an arbitrary file upload vulnerability.
5d679af79681b3230bebbb01358d179220b220e1d69d8bcf6fa3c2dfc830be0fHostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.
27f8218a09b1dbd02541ebb3a01b906007cc837ea1498cdeb2bc7e08eaf27619This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work MediaWiki must be configured to accept upload of SVG files. If anonymous uploads are allowed the username and password arent required, otherwise they are. This Metasploit module has been tested successfully on MediaWiki 1.19.4, 1.20.3 on Ubuntu 10.04 and Ubuntu 12.10. Older versions were also tested but do not seem to be vulnerable to this vulnerability. The following MediaWiki requirements must be met: File upload must be enabled, $wgFileExtensions[] must include svg, $wgSVGConverter must be set to something other than false.
71615d7c455fb2156a5414c500e8bff8843420ced30f06fff70abbf96f287ac8When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
f20ed46e990bc49e51e4df52537ec564d571907ef6c1bab6631f3044e0db35c8This Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.
aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.
b2b6b9ccd306227cb678af1bbff8e4fca60932e849a1f798914a7c8e6a43a1deFile Management System version 1.0 suffers from an arbitrary file upload vulnerability.
d7190aeb73675b4c80d6ccca7878d2547c38a9ee67ce2c6eb9c502dbff60d004CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
dc50ee27904a926af74bf8f7250aab4eeedc989557ba1792b18fa14c73568744Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.
21c5ff52ac4e90c5da3505e6a12e81117f3b56db76ac19fc375e8dd30243e7eeOnline Diagnostic Lab Management System version 1.0 suffers from an arbitrary file upload vulnerability.
978b02141f2137df791b40707a42365e446471161ea7eb4df651cfd5ff222dd8Biobook Social Networking Site version 1.0 suffers from an arbitrary file upload vulnerability.
eea7a63452086fbc6b26395926afd32c8db7ed26cb64e63041d07be948f52e93Job Castle version 1.0 suffers from an arbitrary file upload vulnerability.
f14162d4a77d52793d3dc53ca757b4ad8ff9f17c72b6660e345b95221d53f069
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed