1015 matches found
GHSA-FF4W-8CHR-W2X9 SiteServer CMS RCE via unsafe file upload
An issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...
SiteServer CMS RCE via unsafe file upload
An issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted...
7-zip - Code Execution / Local Privilege Escalation Exploit
Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kağan Çapar Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...
CVE-2021-43484
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request...
Simple Client Management System SQL injection vulnerability
Simple Client Management System is a simple client management system by Carlo Montero Personal Developer. A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to a failure to validate the extension of a file...
CVE-2022-0687
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...
Spoofing
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...
File Upload Restriction Bypass leading to Stored XSS Vulnerability
Description: File Upload Restriction Bypass leading to Stored XSS Vulnerability, by leveraging file extensions vbhtm, vbhtml, soap, or any extension that ends with html, e.g. aahtml, bbhtml. Proof of Concept: Step 1: Access https://www.showdoc.com.cn/attachment/index Step 2: Prepare a file with content bel...
CVE-2021-24216
CVE-2021-24216 — All-in-One WP Migration (WordPress) Affected software: WordPress All-in-One WP Migration plugin prior to version 7.41. Vulnerability: The plugin does not validate uploaded files’ extensions, enabling administrators to upload PHP files on their site, including multisite installati...
DEBIAN-CVE-2021-23180
A flaw was found in htmldoc in v1.9.12 and before. A null pointer dereference in file_extension, in file.c, may lead to arbitrary code execution and denial of service...
The vulnerability in the TP-Link TL-WR940N router’s firmware is a stack-based buffer overflow that allows an attacker to execute arbitrary code.
The vulnerability in the TP-Link TL-WR940N router’s firmware is related to buffer overflows during parsing of file extension names. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Microweber 1.2.11 Shell Upload
Exploit Title: Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated) Google Dork: NA Date: 02/17/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber Version: 1.2.11 Tested on: KALI OS CVE :...
CVE-2022-24984
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...
SMBSR - Lookup For Interesting Stuff In SMB Shares
Well, SMBSR is a Python script which, given a CIDR/IP/IPfile/HOSTNAMEs, enumerates all the SMB services listening on 445 among the targets and tries to authenticate against them; if the authentication succeeds then all the folders and subfolders are visited recursively in order to find secrets in files...
Mageia: Security Advisory (MGASA-2020-0276)
The remote host is missing an update for the...
Cross site scripting
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...
CVE-2021-43855 Stored XSS via SVG in Requarks/wiki
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated) Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...
Mozilla Rust has an unspecified vulnerability (CNVD-2022-03131)
A security vulnerability exists in Mozilla Rust, a general-purpose, compiled programming language from the Mozilla Foundation. The vulnerability stems from the fact that security-related validation of file extensions may be compromised. The NSString method used to convert to a string may return...
GHSA-H352-G5VW-3926 Improper Input Validation in fruity
Methods of NSString for conversion to a string may return a partial result. Since they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...