Monospace Directus Headless CMS versions prior to 8.8.2 suffers from .htaccess rule bypass and arbitrary file upload vulnerabilities.
a539b17d7f2faaebf90a4f897e76ae67Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.
840e289057a75abee3ebef734b12ec0aThis Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
e0599a186c02f74ac877f0ee7bf396adWhitepaper that discusses XXE exploitation via file uploads.
6297f76616d0df90e80a81841b4d2d54Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
fe74304105aaecf46ea3be88063bb592This Metasploit module exploits an unauthenticated log file upload within the log_upload_wsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in remote code execution as the apache user inside the appacheServer Docker container.
fdf94c86e405a2eb33104f6978f68b72This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.
0593a294d2d56ed9398dbcfc8185421aThis Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.
db7174f0c4fc0e0b2ac2dea0a4523ebfThis Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
986492d22038a772f87e46c47ea24f02VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
8dcbcd4aa0bd7cc8803e9bfffc6bc6cdTestLink version 1.9.20 suffers from a remote shell upload vulnerability.
ae7a82dc9cd277f7eda03cb9961266caDiscord Probot suffers from an arbitrary file upload vulnerability.
fd81cb48fbf83ef8a47b35f2ebe27490E-Learning System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from remote code execution via file upload functionality.
bd3d65870be0207ac9da305059435137EyesOfNetwork version 5.3 suffers from a remote code execution vulnerability that leverages file upload. Original discovery of remote code execution in this version is attributed to Clement Billac in February of 2020.
080019485e2ef8b6d7f66a5cd8adfc99This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Incom CMS version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
e37477593ca5df2723fa00d2390b8cfaRock RMS suffers from arbitrary file upload, account takeover, and personal information disclosure vulnerabilities. Various versions are affected.
496349ae2fd93f703a324dcbbd378676This Metasploit module exploits an arbitrary file upload vulnerability in FlexDotnetCMS versions 1.5.8 and prior in order to execute arbitrary commands with elevated privileges.
49d8406c21ab8ebe76041ae803166693CMS Made Simple version 2.2.15 suffers from a persistent cross site scripting vulnerability via an authenticated SVG file upload.
23f9b1ff24fb45885fbf0f6a1744a482Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
b32ad26683689ce39aae3cd95365fc83Moodle version 3.8 suffers from an arbitrary file upload vulnerability.
4bf530ba008f828cff2639ab14956f02WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
a23fbe7a9101f368564e24a1ccaad929This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.
b1586e133ec28d35e83ec172e95fe1d0Ubuntu Security Notice 4590-1 - It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code.
179fd7eba43ef7a3691ef8f62753e5e7ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that results in remote code execution as the web server user.
27df19dca8c37dc3db671041baa681bf
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed