
1284 matches found

Metasploit
added 2017/11/12 7:11 p.m. | 47 views

Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload

This module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The networksslupload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a dire...

CVSS 8.8 | AI score 8.8 | EPSS 0.51379
Exploits: 7

Prion
added 2017/11/06 8:29 a.m. | 12 views

Unrestricted file upload

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

CVSS 6.5 | AI score 8.5 | EPSS 0.51379
Exploits: 7 | References: 2 | Affected Software: 1

Prion
added 2017/10/17 3:29 p.m. | 10 views

Unrestricted file upload

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...

CVSS 6.5 | AI score 8.2 | EPSS 0.02906
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2017/10/16 6:29 p.m. | 8 views

Unrestricted file upload

Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory...

CVSS 7.5 | AI score 8.2 | EPSS 0.15139
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/10/16 6:29 p.m. | 10 views

CVE-2015-2780

Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory...

CVSS 9.8 | AI score 9.7 | EPSS 0.15139
Exploits: 0 | References: 3

Cvelist
added 2017/10/16 6:0 p.m. | 18 views

CVE-2015-2780

Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory...

AI score 9.7 | EPSS 0.15139
Exploits: 0 | References: 3

Prion
added 2017/10/16 3:29 p.m. | 20 views

Design/Logic Flaw

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur...

CVSS 7.5 | AI score 7.5 | EPSS 0.11447
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2017/10/16 3:29 p.m. | 22 views

CVE-2014-9148

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur...

CVSS 9.8 | AI score 9.5 | EPSS 0.11447
Exploits: 5 | References: 3

NVD
added 2017/09/30 1:29 a.m. | 28 views

CVE-2017-14942

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie...

CVSS 9.8 | AI score 7.8 | EPSS 0.61257
Exploits: 1 | References: 2

Prion
added 2017/09/26 2:29 p.m. | 11 views

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proofsubmit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVSS 6.5 | AI score 8.8 | EPSS 0.0848
Exploits: 5 | References: 1 | Affected Software: 1

Prion
added 2017/09/19 3:29 p.m. | 18 views

Unrestricted file upload

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...

CVSS 6.5 | AI score 7.7 | EPSS 0.07352
Exploits: 3 | References: 2 | Affected Software: 1

Exploit DB
added 2017/07/11 12:0 a.m. | 59 views

DataTaker DT80 dEX 1.50.012 - Information Disclosure

Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-11165 Vendor: ===============...

CVSS 9.8 | AI score 9.6 | EPSS 0.63883
Exploits: 5

CNVD
added 2017/06/29 12:0 a.m. | 1 views

CloudView NMS Information Disclosure Vulnerability

CloudView NMS, from CloudView NMS USA, is a network management and monitoring system that automatically discovers, monitors and performs tasks. A security vulnerability exists in CloudView NMS versions prior to 2.10a. A remote attacker could exploit the vulnerability by sending a direct request to...

CVSS 7.5 | AI score 6.7 | EPSS 0.01424
Exploits: 1 | References: 1

Prion
added 2017/04/10 3:59 a.m. | 12 views

Information disclosure

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def...

CVSS 5 | AI score 6.7 | EPSS 0.01424
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2017/04/10 3:59 a.m. | 8 views

Information disclosure

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...

CVSS 5 | AI score 6.7 | EPSS 0.01462
Exploits: 1 | References: 2

Cvelist
added 2017/04/10 3:0 a.m. | 14 views

CVE-2016-5076

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def...

AI score 7.3 | EPSS 0.01424
Exploits: 1 | References: 1

Prion
added 2017/03/17 2:59 p.m. | 14 views

Information disclosure

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml...

CVSS 5 | AI score 6.6 | EPSS 0.14374
Exploits: 4 | References: 3 | Affected Software: 1

Prion
added 2017/03/17 2:59 p.m. | 12 views

Information disclosure

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymousdata.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message...

CVSS 5 | AI score 6.7 | EPSS 0.01178
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2017/03/17 2:59 p.m. | 26 views

Unrestricted file upload

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

CVSS 6.5 | AI score 8.1 | EPSS 0.14399
Exploits: 4 | References: 3 | Affected Software: 1

NVD
added 2017/03/17 2:59 p.m. | 27 views

CVE-2014-8722

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml...

CVSS 7.5 | AI score 7.3 | EPSS 0.14374
Exploits: 4 | References: 3