Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.
69aa4aacb58fc312485978e341d93b5ea3b1cb194a17714065b2bf439c337cd5
Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.
a14b5d2f646f6165a431ce48859d7864075a081083d1b18d936ddaab47e98f1d
Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.
b0f783dd4aa412caeaa6e4c50fde08b54f10401f9c81abbfdf18170d2f268985
Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.
103beb00d1081229c9f84f14247061058d88af29920494f71828b3a45201dd63
WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.
2029bbf836e7de4bb57eb88c7f5f10198718d2552a017080a1b57d33050ff81d
Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.
8f0e82084a9508b9e75b3daa6af8a23743274a4648760ef5cda5f9df1cf279be
DotNetNuke CMS version 9.5.0 suffers from file extension check bypass vulnerability that allows for arbitrary file upload.
3ebf9bd3e2a530a983c3320a442ce6dc9f95b838d5b8220e87da6bd1463f660b
SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.
0584b6270f1db59d1c5e1da7181bd5c51e17f12a96b2b67440807fd5a43caa92
Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.
29a1415af9bd66ab7d42e7bc62b1ff4cbaf0999ef20d117cdf573492b7c6c2b5
Centraleyezer suffers from a remote shell upload vulnerability.
bc09fddb5d076496f0d59495eef17f0532cc279c9de1f6f8b7f3efba56124ba8
Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.
9ef87c068e85208192c705e15c25bc184b6e18d6d58fe95d4765639333b50826
Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.
8b00c7753c7b2cb25d0cfbbff3c3441c86babe038246d890f6dec2e6177d4a9b
IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
678846b330bb25aef207cbc3ab7747185ce598f22867e982d5957674140dcefe
Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.
a34c5bc273539d18504d7ef6b95850754f1b0d7d3e22ab812753d75fb41c2d49
FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.
aae960486af85882de11fa5806bb54d18154a4ffe010539eb31f70fb9650558f
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).
94163d73db872c81ba5ce8506f3d9deded66f21e352e87fbb9269f202301c37e
Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.
b2ddc21cc34e199f03eedef6284b088fa2d72d49ab537de7e5b2543954cdb82f
Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.
bd973a0f1430cd8c8f046b36e4917552e543800e890f19c1737c864cfc5f4485
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.
4aa6bca41dc1a9b95104a9962adaf6cfeb18342762584bfa43d2b396f68308c2
This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
4da9fd2ffdcce769456b0f4efa3464cdc760398d6c00430570f596892e606f78
ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.
68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7
This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!
83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49
Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.
8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421
Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6c