1464 matches found
Aruba Networks CPPM Directory Traversal Vulnerability (CNVD-2015-03506)
Aruba Networks ClearPass Policy Manager (CPPM) is an advanced policy management platform for role- and device-based network access control. A directory traversal vulnerability exists in Aruba Networks ClearPass Policy Manager, which can be exploited by a remote administrator to execute...
CVE-2015-4032
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors...
Multiple WordPress UpThemes Themes - Arbitrary File Upload
Exploit Title: Wordpress SimpleCart Theme File Upload and Execution Google Dork: inurl:/wp-content/themes/simplecart Date: 31 March 2015 Exploit Author: Divya Vendor Homepage: https://github.com/UpThemes/ Software Link: https://github.com/UpThemes/SimpleCart-Theme Version: 2.1.2 Tested on: Window...
UBUNTU-CVE-2015-2775
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name...
KLA10502 Multiple vulnerabilities in BACnet OPC Server
Multiple critical vulnerabilities have been found in BACnet OPC Server. Malicious users can exploit these vulnerabilities to execute arbitrary files and read and write the local database. Below is a complete list of vulnerabilities: 1. An unknown vulnerability can be exploited remotely via unknown vecto...
KIE Workbench Arbitrary File Execution Vulnerability
KIE Workbench is a complete Java-based open source BPM (business process management) release, including all the BPM and rules modules. An arbitrary file execution vulnerability exists in KIE Workbench 6.0.x that could allow an authenticated remote user to read or write...
PicketBox JBossSX Arbitrary File Execution Vulnerability
PicketBox is a Java security framework that provides developers with authentication, authorization, auditing and security mapping functions. An arbitrary file execution vulnerability exists in PicketBox JBossSX, which allows remote authenticated users to exploit the vulnerability to rea...
ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection
Advisory: Advisory ID: SROEADV-2015-10 Author: Steffen Rösemann Affected Software: ferretCMS v. 1.0.4-alpha Vendor URL: https://github.com/JRogaishio/ferretCMS Vendor Status: vendor will patch eventually CVE-ID: - Tested on: - Firefox 35, Iceweasel 31 - Mac OS X 10.10, Kali Linux 1.0.9a...
Osclass 3.4.2 Shell Upload
Osclass redirectTo osccontacturl ; 107. 108. 109. if !moveuploadedfile$tmpName, $path 110. unset$path; 111. 112. 113. The vulnerability exists because of the "CWebContact::doModel" method not properly verifying the extension of...
ProjectSend Arbitrary File Upload
This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user. This module requires Metasploit: https://metasploit.com/download Current...
Microsoft .NET Framework 'iriParsing' Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected...
CVE-2014-6433
CVE-2014-6433 concerns gpExec in the GoPro HERO 3+. The vulnerability arises from insufficient parameter validation for the a1/a2 parameters when the start action is invoked (c1/c2 set to start), enabling remote code execution. The primary publicly referenced detail is the ZDI advisory (ZDI-14-34...
Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities
The JSST and the Joomla! Security Center report: 20140903 - Core - Remote File Inclusion Inadequate checking allowed the potential for remote files to be executed. 20140904 - Core - Denial of Service Inadequate checking allowed the potential for a denial of service attack...
TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities
TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities Title: TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities Date: 30.06.14 Vendor: TP-LINK Affected versions: TL-WR841N / TL-WR841ND Tested on: Firmware Version - 3.13.27 Build 121101 Rel.38183n, Hardware Version - WR841N v8...
Watchful Client (watchful.li extension), 1.9.0 and lower
Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...
WordPress <= 2.8.5 - Unrestricted File Upload Arbitrary PHP Code Execution
...
Artmedic Event Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in...
Opera 7.22 - File Creation and Execution Exploit (Webserver)
No description provided by source. !/usr/bin/perl Sample code of Opera 7 Arbitrary File Auto-Saved Vulnerability. This Exploit will run a webserver that will create and execute a batch file on the victim's computer when visiting this malicious server This perl script is a small HTTP server for a...
Windows Service Trusted Path Privilege Escalation
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require...