MAL-2025-37314 Malicious code in tunezer (npm)

The package tunezer was found to contain malicious code...

IBM DB2 9.7 < FP11 Special Build 37314 / 10.1 < FP6 Special Build 37313 / 10.5 < FP10 Special Build 37311 / 11.1.3 < FP3 JDBC Driver Unsafe Deserialization Local Privilege Escalation (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 37314, 10.1 prior to Fix Pack 6 Special Build 37313, 10.5 prior to Fix Pack 10 Special Build 37311, or 11.1.3 prior to Fix Pack 3. It is, therefore, affected by a loca...

Open Flash Chart 2 Arbitrary File Upload Vulnerability

This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: http//metasploit.com/download Current source:...

OpenEMR - Arbitrary &#039;.PHP&#039; File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR PHP File...

OpenEMR PHP File Upload Vulnerability

This module exploits a vulnerability found in OpenEMR 4.1.1 By abusing the ofcuploadimage.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been test...

Piwik ofc_upload_image.php远程PHP代码执行漏洞

BUGTRAQ ID: 37314 CVECAN ID: CVE-2009-4140 Piwik是一款利用Php+MySQL技术构建的开源网页访问统计系统。 Piwik中使用了open-flash-chart模块执行制表操作，该模块没有正确的过滤提交给ofcuploadimage.php文件的name和HTTPRAWPOSTDATA参数便用于创建文件： ? $defaultpath = '../tmp-upload-images/'; if !fileexists$defaultpath mkdir$defaultpath, 0777, true; $destination =...