Gold Filled CRM version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
7df5256a62f4b26f1e4415c585d3fa307a8092cdea4dec86c2b611cd1e38214dERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.
75550497f441c15436243b166bf836846ad5f220742342f795cbab8cded44902Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1bWordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
cda2f52f6b43d9a253406aa83b3d7934624dc39c1c6c8f9a0240d741e6ae5fa3PrestaShop version 1.7.6.7 suffers from a cross site scripting vulnerability via the file upload functionality.
fd8caaa9cec4a7055dd238f60bb28982f0acab62605c410f5808fff8eccaa174This Metasploit module exploits the file upload vulnerability of Multi Language Pharmacy Management System to achieve remote code execution.
742456930e5e52c2ee76502248a99373d271bc23c86a2afc2380664719fcc4cbe107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5WordPress Advanced Uploader plugin versions 4.2 and below suffer from a remote shell upload vulnerability.
d6da47e9cfa89f863bdbab26f72fb5536450efbf87365b7899f665f69f1edd2aImpressCMS version 1.4.4 suffers from an arbitrary file upload due to a weak blacklisting methodology for file extensions.
e3a1d424f71f1feb571e0ac4b2912e399c1c124ebdfb5d9e83276acd5816f7e8TLR-2005KSH suffers from an arbitrary file upload vulnerability.
f7ccc88ff2a331dfcd6837d903e8a8b9647905703b086149bc856a1f4d52c2d9This Metasploit module abuses a vulnerability in certain WSO2 products that allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
7bdab9b3101da4ba2df8ff1f6a558171e4d8a503d4d44bcbaf0347587fa69a4dPHPGurukul Zoo Management System version 1.0 suffers from a remote shell upload vulnerability.
dca1f178a16cf53e52736d7b787820a9fbabb32e64848116ca5fc2680795d6d7Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.
56429affeb38a91070ee24b0aaf512970594ce033504501832983da83e9dea5aFoxit PDF Editor (iOS) version 11.3.1 suffers from an arbitrary file upload vulnerability.
eee6585def5e7c7d4e32865c6af95620ceb8365f388cac02687c0e833289acfaUbuntu Security Notice 5269-1 - Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service.
44ead4d24055dc9998855e1e79daf13648af011234c8ab7db00a1edd78b0a0fcLanda Driving School Management System version 2.0.1 suffers from an arbitrary file upload vulnerability.
1e684f4bf2740af67139b537773580e9c66f842543ab7922604bfaaf83b03922This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.
244ae2538bc9ec8f90e308561999a95ddf997764203cb31dbd2e32b039b73273AbanteCart e-commerce platform versions prior to 1.3.2 suffer from cross site scripting and file upload vulnerabilities.
1d18e94320294ca7bb9c057c9b6c90c647799d170ceda260890a08b559774f32Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
e13c0631f420057004b808a4af6435c2db1224089738b4762896aa208c6c4df8This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.
674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56Alchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.
6bd3ac8df72360c8b2283948f43f6eca26db0404536d856dac8456679bf76b08This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.
036b2591e4ef8beb3558c821f06ea5bf7c27f8226edd7019163d2a719de158acCollege Management System version 1.0 suffers from an arbitrary file upload vulnerability.
86c8805556c5e66a65a17ebcb0557527109d4682af2a0bb382e6b163bb6ceb14Phpwcms version 1.9.30 suffers from a cross site scripting vulnerability via the file upload functionality.
b13080fa702d0a623b11c613c2d06c2c1b46321813ade15e2e32f9ac9fab0c42ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected.
ea7f9bd9279b87a7dac72d39679684829a62542b790b1b70e36bca9e2ed2428b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed