InterPhoto version 2.3.0 suffers from a remote shell upload vulnerability.
5ca35c1825dc45f42cd3a28e602eb0a3285956fa6a3c4b1d41e2cdcc78f49cce
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache NiFi 1.17.0 through 1.21.0.
0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020
doorGets CMS version 12 suffers from a remote shell upload vulnerability.
97d5c8bc88580a5e7f6f4f60414bfdf754b1f8d3724c17e6e0de5db2a7c63830
SugarCRM versions 12.2.0 and below suffer from a multi-step remote shell upload vulnerability.
6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8
Red Hat Security Advisory 2023-4692-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.
d9122cb72ed95b3238794cee887418f97639e1010bbe6af474fff461da100916
Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.
6f289542a9b2ff6259d9eb3de8975ddf2b290e0ca802dfb52bee485e1ba002f9
Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.
5726fce489985783f22e0f5ecc503fba4dae0b938d62e509a60800df39aafc2c
Emaar Real Estate Agency Directory System version 5.7 suffers from a remote shell upload vulnerability.
2208a9ef6d057665e6e208a9fcf7cb84fba0639ca102f63b041c7f40f53cd112
doorGets CMS version 7.0 suffers from a remote shell upload vulnerability.
0b868db0330a3514cedb1270ea32df3a46154c91c6e4800518ddec2eed3bce20
Webutler version 3.2 suffers from a remote shell upload vulnerability.
22d02e75820e61be78b6ffc04f11672c3e6212206e9a28a62c1a26954c521f0a
WordPress Forminator plugin version 1.24.6 suffers from a remote shell upload vulnerability.
8378541ca682a8780c73997f4293f3825bd66e2889d9430794f6a08c90e86f95
Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.
785a58fce3185616f8ebb56cc4c3498d9ba2782170d34b1c487a14564309a3e1
CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.
687fc9626b0a4c7e675cd7007c558b29ceea1784dee6326f9ae2ef2465dc6ffe
Online Piggery Management System version 1.0 suffers from a remote shell upload vulnerability.
ee245ecc29f70aa32ae59f177f75712cba8fb94286c05670a180dabc7c7e4783
Pluck version 4.7.18 appears to suffer from a remote shell upload vulnerability.
fde7f8ad023e2123f1e7dd2fa9231bd4c00f7294dce47b1732a8c27cd70a594e
Blackcat CMS version 1.4 suffers from a remote shell upload vulnerability.
31c425552813f33945e4dfb3ace75fbb7ddd4b0e433354f036eb407514488478
phpFM version 1.7.9 suffers from authentication bypass and remote shell upload vulnerabilities.
780a77e094c65d8e508f43f6a553fda3e3591979e1ee07842dcfac817f3d058b
Boomchat version 3.0 suffers from a remote shell upload vulnerability.
ae87a94ccfb3bd0ffe7d71c54532c366a37479d147ce8db19927b96583c761da
BBook version 5.7 suffers from a remote shell upload vulnerability.
804669b61c82ab3a3a6cdc9ca32f0a6e2158053ef362cd4b7ee1ce094b4063c2
Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882
POS Codekop version 2.0 suffers from a remote shell upload vulnerability.
5aa6755a5b65a13638c64fca7152e27a5e9265f28f9a56f9146dc230387f94af
AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.
4fa53e8b719b93ba31d29c0b301d08247cf7d18c49b62b7507599bde0c388ffa
Amazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.
43cc95379c72d3b0c0c1096ec7abcf6ebf7f654062b8495b331169aae01e0832
Job Board version 1.0 suffers from a remote shell upload vulnerability.
f7203303285c27e34b43e1ca88c500efecfa3ba96a7c0c4199535084be1cc9bc
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at the vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system with the same privileges as the web application, which typically runs as root on the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539