CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
ad2667b2518dc48fc775c2bce95ae340CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
2221652ee89c73f5809f4205dcbfb0d2This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.
d99806184924b3c9ff46a07a219526b9This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.
fd4c717a95e850f0b81235df10b31b52Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
e9ac9d615c9d64ae523ed189c083e1c9Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.
73c24a7e6e180538e4d37581306f9149Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.
0550a15a99693c1fd9ccbf83909a337aUniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.
4b844402ebcb3ecb1af226481accbefdWordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.
f7eac41409534851aa3d5cda1ce85010TinyMCE JBimages plugin versions 3.x from JustBoilMe suffers from an arbitrary file upload vulnerability.
9b975cf5bb98fdb6ec65718c028992a3Slims CMS Senayan Library Management System version 7.0 suffers from a remote shell upload vulnerability.
d5be7d73783868baa48653a63e6a6a0dRVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.
3c019473a8382ff8cf5b15499f6ea3abJoomla RSForm component version 1.5 suffers from database disclosure and remote SQL injection vulnerabilities.
e2524bc32be163c37b6de12a3f46091cBlueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
e2fcb7c12aedd4cbe1a64e468bb035e4Desarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.
fc93865a9d598af487c83d0b9afc4afcA file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier).
1295c307779f896cb864d27811f2dbd7Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in context of an affected site.
c29aaada51feda9d709457babad0536eRoxy Fileman version 1.4.5 suffers from remote file upload and directory traversal vulnerabilities.
f18d3ae1fe4f8aea768cdfcb18391024Joomla JCE component versions 2.6.7.1 through 2.6.33 suffer from an arbitrary file upload vulnerability.
5c23c1abd98f1e33707301cc61401134Miss Marple Enterprise Edition versions prior to 2.0 suffer from arbitrary file upload, hardcoded AES key, validation bypass, and other vulnerabilities.
5fc5d23b1a1b5d01c8a5758c57afca63Alive Parish version 2.0.4 suffers from remote file upload and remote SQL injection vulnerabilities.
d2b89a0fba49d3310072b02564c19b23Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.
2c9170145359581c4c8d1c13f564bce3This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.
dc66674939d313842bacc7cddcbdd16cSchool Event Management System version 1.0 suffers from a remote shell upload vulnerability.
22cc8d03383f452cd7bd0eb86aa46ab6MPS Box version 0.1.8.0 suffers from an arbitrary file upload vulnerability.
ccab64508e10d8e12c3713d79de0baf6
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed