Authentication flaw
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 allow unauthenticated upload of malicious code through the configuration upload function. This could lead to a complete compromise of the FDS102 device...
CVE-2022-3575
Frauscher Sensortechnik GmbH FDS102 (FAdC R2 and FAdCi R2) versions 2.8.0–2.9.1 are affected by an unauthenticated upload of malicious code via the configuration upload feature, enabling a complete compromise of the FDS102 device. The root cause is an authentication bypass in the configuration up...
Frauscher Sensortechnik FDS102 Code Issue Vulnerability
The Frauscher Sensortechnik FDS102 is a diagnostic system device from Frauscher. A code issue vulnerability exists in the Frauscher Sensortechnik FDS102 that stems from the ability to upload malicious code without authentication via the configuration upload function...
Code injection
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application...
VulnCheck KEV: CVE-2022-26501
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API, which may lead to the upload and execution of malicious code...
Illumina Local Run Manager Code Injection Vulnerability
Illumina Local Run Manager is an integrated solution from Illumina, Inc. Illumina Local Run Manager is vulnerable to code injection, which could be exploited by attackers to remotely upload and execute code at the operating-system level...
PT-2022-17696 · Modx · Modx Revolution
Name of the Vulnerable Software and Affected Versions: MODX Revolution versions 2.8.3-pl and earlier Description: The issue allows remote authenticated administrators to execute arbitrary code by uploading an executable file. This is possible because the Uploadable File Types setting can be chang...
LimeSurvey Code Issue Vulnerability
LimeSurvey PHPSurveyor is an open-source online questionnaire program from the LimeSurvey team that supports survey development, survey publishing, and data collection. LimeSurvey 5.2.4 suffers from a code issue vulnerability that allows remote malicious users to upload arbitrary PHP code...
Leostream Connection Broker Code Issue Vulnerability
Leostream Connection Broker is a vendor-neutral connection broker from Leostream USA that provides a single interface to manage a range of operating systems, physical and virtual desktops, and display protocols commonly found in enterprise environments. A security vulnerability exists in Leostrea...
Croogo 3.0.2 Remote Code Execution
Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
Multiple vulnerabilities in baserCMS
Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Arbitrary code upload vulnerability in Database restore CWE-434 - CVE-2021-41279 CVE-2021-41243 Akagi Yusuke of NTT-ME CORPORATION reported this...
JVN#81376414: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8 |
| CVSS v2 | AV:N/AC:L/Au:S/C:C/I:C/A:C | Base Score: 9.0... |
SourceCodester Phone Shop Sales Management System Code Issue Vulnerability
SourceCodester Phone Shop Sales Management System is a PHP project called Phone Shop Sales Management System by SourceCodester USA. The project manages phone store sales transactions. A file upload vulnerability exists in SourceCodester Phone Shop Sales Management System, which can be exploited b...
CVE-2020-25790
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...
PT-2020-6318 · WordPress · Wp File Manager
Name of the Vulnerable Software and Affected Versions: wp-file-manager plugin versions prior to 6.9 Description: The issue allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This allows attacker...
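The Typesetter CMS and wp-file-manager entries above show the recurring CWE-434 pattern behind most results on this page: a script file reaches the webroot through an upload path, either directly or packed inside an archive (a .php inside a ZIP, a connector file renamed to .php). The following is an added example, not code from any of the listed products or vendors, of the server-side check a practitioner would put in front of an archive extractor. It rejects members whose name carries a PHP-executable extension anywhere in the suffix chain (so "shell.php.jpg" is caught as well as "shell.php"), rejects web-server configuration files that can re-map extensions once dropped into the webroot (an assumed set: .htaccess, .user.ini, web.config), and rejects member paths that would escape the extraction directory. Python is used because the listed products span several stacks; the sample archives are constructed in the block itself.

```python
import io
import posixpath
import zipfile

# Extensions a typical PHP host hands to the interpreter. Any of these,
# anywhere in a member's suffix chain, marks the member as executable.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Assumed set of server-side config files that can make other extensions
# executable (e.g. Apache AddHandler) if they land in the webroot.
CONFIG_NAMES = {".htaccess", ".user.ini", "web.config"}


def suspicious_member(name: str) -> bool:
    """True if extracting this archive member into a webroot is dangerous."""
    base = posixpath.basename(name.replace("\\", "/")).lower()
    if base in CONFIG_NAMES:
        return True
    parts = base.split(".")
    # parts[0] is the stem; every later part is a candidate extension.
    return any(p in SCRIPT_EXTENSIONS for p in parts[1:])


def scan_archive(data: bytes) -> list[str]:
    """Return the names of all ZIP members that must not reach the webroot.

    Flags executable scripts, config files, and path-traversal members.
    Raises zipfile.BadZipFile if the bytes are not a valid archive.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name.replace("\\", "/"))
            # Member would be written outside the extraction directory.
            if norm == ".." or norm.startswith("../") or posixpath.isabs(norm):
                findings.append(name)
                continue
            if suspicious_member(name):
                findings.append(name)
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory (test fixture, not a real upload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_zip({"theme/style.css": b"body{}", "theme/logo.png": b"\x89PNG"})
    hostile = build_zip({
        "theme/style.css": b"body{}",
        "theme/shell.php": b"<?php system($_GET['c']); ?>",
        "theme/img.php.jpg": b"<?php echo 1; ?>",
        "theme/.htaccess": b"AddHandler application/x-httpd-php .jpg",
        "../../evil.txt": b"x",
    })
    print("clean:", scan_archive(clean))
    print("hostile:", scan_archive(hostile))
```

The check runs on member names before anything is written to disk; an upload handler should refuse the whole archive on any finding rather than extract the "safe" members, since the listed vulnerabilities were all exploited through content the application thought it had validated.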
Malicious Package in mysql-koa
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...
phpCollab Arbitrary File Upload Vulnerability
phpCollab is a set of web-based project collaboration management software. The software features task assignments, discussions, logs and notifications. An arbitrary file upload vulnerability exists in phpCollab. An attacker can exploit the vulnerability to upload malicious PHP files...
Guangzhou Qibo Network Technology Co., Ltd. Qibo CMS XSS Vulnerability
Qibo CMS is an open-source CMS that provides a variety of modules including articles, images, downloads, shopping malls, built-in features, orders, exams and more. Qibo CMS from Guangzhou Qibo Network Technology Co., Ltd. has an XSS vulnerability; attackers can use the vulnerability in the...
PT-2019-4193 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 8.1.1 through 8.2.0 Description: The issue is related to an insecure setting in the default solr.in.sh configuration file, which enables JMX monitoring without authentication on the RMI_PORT default port 18983. This could...
Malicious Package
Overview This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise. References GitHub Advisory...