Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.
ff385678ff3635685901b5f601407cc8DotNetNuke CMS version 9.5.0 suffers from file extension check bypass vulnerability that allows for arbitrary file upload.
b8d76ca694f11feae28306337a7aab8eSmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.
57f8471ef038330e69a08ce5bd6f84a5Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.
c3242a78aae097bf85be645f4e3403ecCentraleyezer suffers from a remote shell upload vulnerability.
f78de30c506095184f3833df70fa0eb0Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.
f65d6a3bb4f0613c29b924c18b98dc3dLinear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.
7cb54d49b3539c9a3b2258832481a863IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
8ae1f789332dbd08c91e2e0e13536381Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.
cccfa27ec741adad16c37ee8e387648aFileThingie version 2.5.7 suffers from a remote shell upload vulnerability.
6d9ec5722ce5ba1f24346ee0dacfcb96DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).
36ee8d3d9c4f34baf4548adaddbd4e36Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.
655fed3acb14010214d2abf09b493d71Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.
e5093a3f5921350e30fd4ec8f1a6f85eAn issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.
30af527bf5f52753a65db1508f231501This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
778905bbbb01d90fd4b94eba8679d244ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.
10f2847e6a58a0575b56deca98bf9cebThis Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!
0c0971f123e2d1e301ee70a83a0ecda1Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.
8fd75cbde81ba7a873b5e8945de0c63eCisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
2bd84aa0b859d4eb5b1a69ff91efea19WordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.
c35cb6f75567c153b011c7612c626cf3Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.
bd20ed03288d4577ce8abcb06613d91deLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.
06d4ec4d3b23c885e233b14310048edcThis Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
6062088ad83896c13ad8c78e57d1baf2GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.
8c2fb3fc6426dc78470e27e9dc57cdb0This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.
720c50c8ee708b2b3df793d3b1d82de3
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed