InterPhoto version 2.3.0 suffers from a remote shell upload vulnerability.
5ca35c1825dc45f42cd3a28e602eb0a3285956fa6a3c4b1d41e2cdcc78f49cceThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.
0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020doorGets CMS version 12 suffers from a remote shell upload vulnerability.
97d5c8bc88580a5e7f6f4f60414bfdf754b1f8d3724c17e6e0de5db2a7c63830SugarCRM versions 12.2.0 and below suffers from a multiple step remote shell upload vulnerability.
6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8Red Hat Security Advisory 2023-4692-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.
d9122cb72ed95b3238794cee887418f97639e1010bbe6af474fff461da100916Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.
6f289542a9b2ff6259d9eb3de8975ddf2b290e0ca802dfb52bee485e1ba002f9Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.
5726fce489985783f22e0f5ecc503fba4dae0b938d62e509a60800df39aafc2cEmaar Real Estate Agency Directory System version 5.7 suffers from a remote shell upload vulnerability.
2208a9ef6d057665e6e208a9fcf7cb84fba0639ca102f63b041c7f40f53cd112doorGets CMS version 7.0 suffers from a remote shell upload vulnerability.
0b868db0330a3514cedb1270ea32df3a46154c91c6e4800518ddec2eed3bce20Webutler version 3.2 suffers from a remote shell upload vulnerability.
22d02e75820e61be78b6ffc04f11672c3e6212206e9a28a62c1a26954c521f0aWordPress Forminator plugin version 1.24.6 suffers from a remote shell upload vulnerability.
8378541ca682a8780c73997f4293f3825bd66e2889d9430794f6a08c90e86f95Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.
785a58fce3185616f8ebb56cc4c3498d9ba2782170d34b1c487a14564309a3e1CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.
687fc9626b0a4c7e675cd7007c558b29ceea1784dee6326f9ae2ef2465dc6ffeOnline Piggery Management System version 1.0 suffers from a remote shell upload vulnerability.
ee245ecc29f70aa32ae59f177f75712cba8fb94286c05670a180dabc7c7e4783Pluck version 4.7.18 appears to suffer from a remote shell upload vulnerability.
fde7f8ad023e2123f1e7dd2fa9231bd4c00f7294dce47b1732a8c27cd70a594eBlackcat CMS version 1.4 suffers from a remote shell upload vulnerability.
31c425552813f33945e4dfb3ace75fbb7ddd4b0e433354f036eb407514488478phpFM version 1.7.9 suffers from authentication bypass and remote shell upload vulnerabilities.
780a77e094c65d8e508f43f6a553fda3e3591979e1ee07842dcfac817f3d058bBoomchat version 3.0 suffers from a remote shell upload vulnerability.
ae87a94ccfb3bd0ffe7d71c54532c366a37479d147ce8db19927b96583c761daBBook version 5.7 suffers from a remote shell upload vulnerability.
804669b61c82ab3a3a6cdc9ca32f0a6e2158053ef362cd4b7ee1ce094b4063c2Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882POS Codekop version 2.0 suffers from a remote shell upload vulnerability.
5aa6755a5b65a13638c64fca7152e27a5e9265f28f9a56f9146dc230387f94afAngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.
4fa53e8b719b93ba31d29c0b301d08247cf7d18c49b62b7507599bde0c388ffaAmazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.
43cc95379c72d3b0c0c1096ec7abcf6ebf7f654062b8495b331169aae01e0832Job Board version 1.0 suffers from a remote shell upload vulnerability.
f7203303285c27e34b43e1ca88c500efecfa3ba96a7c0c4199535084be1cc9bcThis Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed