Ubuntu Security Notice 4590-1 - It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code.
179fd7eba43ef7a3691ef8f62753e5e7ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that results in remote code execution as the web server user.
27df19dca8c37dc3db671041baa681bfSage DPW versions 2020_06_000 and 2020_06_001 suffer from cross site scripting and unauthenticated malicious file upload vulnerabilities.
524445f4adeb021b41c82c7d3a160f5bopenMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.
1e4843b975a1cb67fdef303a4b35c16fThis Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).
f3fcdcf0924156e882b29740d16480f8Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.
f3302d01404a38c2cf0a759d35184237All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an arbitrary file upload vulnerability.
c009d2120232537634c05881dd75c693Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.
9c9258b91b93df640a00425477cf2e15flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.
b4c0b5682efb708e59bbe189e31c8dc7Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.
ac99c740e91732de1ca528611dc05ba5October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
a79e40ac7fff8141301027b2d8a73d91This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.
3aee05fb3bfa3e3eb0452ce7bbf7bdfbSocket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.
036513b2828cb0405115bfde1a5912eeLibreHealth version 2.0.0 authentication remote code execution exploit that leverages file upload.
fdb429c0607ceadf1536570f0e8ac8d9WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.
c87a3407d183c31bf41f5245e885cf76Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
411b5ebef9a23a0632621a466851bcb3This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.
09ec42ff94266d8b91d8385b7c530d7bOnline Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file vulnerability.
82d4e855a4f70039fa7c52673309699cSmarterMail 16 suffers from an arbitrary file upload vulnerability.
72450c5aaab572c56de94f8bfdb91744Whitepaper called Exploiting Unrestricted File Upload via Plugin Uploader in WordPress.
82ef663315bfdc3aa371270f39bd15b1This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.
8741d1320b67d5240a0da5c63f0f5065WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.
415c8b9b89531c519f109fc5a2a6d49fqdPM version 9.1 suffers from an arbitrary file upload vulnerability.
c0684c8ac1441ffc8176dc2bad26f3b4CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.
854221f3da517dea5c1d414090b7e5dfKartris version 1.6 suffers from an arbitrary file upload vulnerability.
3fb1d8c04e9f6ea8b0c57bde2a354ab3
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed