5151 matches found

Cvelist
added 2021/09/01 2:30 p.m., 16 views

CVE-2021-23427 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...

CVSS: 8.6, AI score: 9.7, EPSS: 0.01385
Exploits: 1, References: 2

OSV
added 2021/08/31 12:34 a.m., 1 views

USN-5057-1 squashfs-tools vulnerability

Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS: 8.1, AI score: 6.8, EPSS: 0.025
Exploits: 1, References: 2

Packet Storm
added 2021/08/31 12:00 a.m., 168 views

Umbraco CMS 8.9.1 Traversal / Arbitrary File Write

Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write Authenticated Exploit Author: BitTheByte Description: Authenticated path traversal vulnerability. Exploit Research: https://www.tenable.com/security/research/tra-2020-59 Vendor Homepage: https://umbraco.com/ Version:...

CVSS: 6.5, AI score: 0.5, EPSS: 0.09369
Exploits: 4

0day.today
added 2021/08/31 12:00 a.m., 144 views

Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Exploit

Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write Authenticated Exploit Author: BitTheByte Description: Authenticated path traversal vulnerability. Exploit Research: https://www.tenable.com/security/research/tra-2020-59 Vendor Homepage: https://umbraco.com/ Version:...

CVSS: 6.5, AI score: 0.2, EPSS: 0.09369
Exploits: 4

Exploit DB
added 2021/08/31 12:00 a.m., 290 views

Umbraco CMS 8.9.1 - Directory Traversal

Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write Authenticated Exploit Author: BitTheByte Description: Authenticated path traversal vulnerability. Exploit Research: https://www.tenable.com/security/research/tra-2020-59 Vendor Homepage: https://umbraco.com/ Version:...

CVSS: 6.5, AI score: 6.5, EPSS: 0.09369
Exploits: 4

Cisco
added 2021/08/25 4:00 p.m., 151 views

Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...

CVSS: 9.1, AI score: 9.3, EPSS: 0.01303
Exploits: 0, References: 1

CNNVD
added 2021/08/25 12:00 a.m., 4 views

Cisco Application Policy Infrastructure Controller Security Vulnerability

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. Cisco Application Policy Infrastructure Controller's API endpoint contains an arbitrary file read/write vulnerability, which can be exploited by an attacker to read...

CVSS: 9.1, AI score: 5.9, EPSS: 0.01303
Exploits: 0, References: 4

CNNVD
added 2021/08/25 12:00 a.m., 6 views

B.Braun SpaceCom2 Code Issue Vulnerability

The B. Braun SpaceCom2 is a hardware device from B. Braun, Germany, designed to connect to external devices to record data in a patient data management system, PC, or USB memory stick. A security vulnerability exists in versions of the B. Braun SpaceCom2 prior to 012U000062, which allows a remote...

CVSS: 9.1, AI score: 8.6, EPSS: 0.00984
Exploits: 1, References: 6

OpenVAS
added 2021/08/23 12:00 a.m., 11 views

rConfig <= 3.9.6 Multiple Vulnerabilities

rConfig is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.8, AI score: 7.1, EPSS: 0.0246
Exploits: 1, References: 1

0day.today
added 2021/08/21 12:00 a.m., 494 views

Microsoft Exchange ProxyShell Remote Code Execution Exploit

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution. By taking advantage of this vulnerability, you can execute arbitrary...

CVSS: 9.1, AI score: 9.2, EPSS: 0.99999
Exploits: 18

OSV
added 2021/08/20 7:15 p.m., 3 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

CVSS: 7.8, AI score: 7.4, EPSS: 0.01894
Exploits: 0, References: 1

NVD
added 2021/08/20 7:15 p.m., 10 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

CVSS: 7.8, EPSS: 0.01894
Exploits: 0, References: 1

Rapid7 Blog
added 2021/08/20 7:12 p.m., 276 views

Metasploit Wrap-Up

Anyone enjoy making chains? The community is hard at work building chains to pull sessions out of vulnerable Exchange servers. This week Rapid7's own wvu & Spencer McIntyre added a module that implements the ProxyShell exploit chain originally demonstrated by Orange Tsai. The module also benefite...

CVSS: 10, AI score: 0.2, EPSS: 0.99999
Exploits: 23

CVE
added 2021/08/20 6:10 p.m., 47 views

CVE-2020-27466

CVE-2020-27466 affects rConfig 3.9.6. The vulnerability is in lib/AjaxHandlers/ajaxEditTemplate.php and is described as an arbitrary file write that allows an attacker to execute arbitrary code via a crafted file. Publicly available connected documents corroborate this as the core issue; however,...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01894
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/08/20 6:10 p.m., 13 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

AI score: 7.8, EPSS: 0.01894
Exploits: 0, References: 1

Snyk
added 2021/08/20 12:16 p.m., 5 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. PoC Upload the...

CVSS: 9.8, AI score: 7.8, EPSS: 0.01385
Exploits: 1, References: 2

Metasploit
added 2021/08/19 5:43 p.m., 969 views

Microsoft Exchange ProxyShell RCE

This module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication CVE-2021-31207, impersonate an arbitrary user CVE-2021-34523 and write an arbitrary file CVE-2021-34473 to achieve the RCE Remote Code Execution. By taking advantage of this...

CVSS: 10, AI score: 8.8, EPSS: 0.99999
Exploits: 18

0day.today
added 2021/08/18 12:00 a.m., 261 views

Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

CVSS: 9.8, AI score: 9.6, EPSS: 0.89189
Exploits: 5

Metasploit
added 2021/08/17 5:42 p.m., 113 views

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/luceeadminimgprocessfilewrite msf exploitluceeadminimgprocessfilewrite show targets ...targets... msf...

CVSS: 9.8, AI score: 8.6, EPSS: 0.89189
Exploits: 5

Packet Storm
added 2021/08/17 12:00 a.m., 591 views

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

CVSS: 9.8, AI score: 0.7, EPSS: 0.89189
Exploits: 5