TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux Exploitation: Remote Risk : Very High ========= The Bug...

Kirby CMS <= V2.1.0 文件上传漏洞

1.漏洞分析 漏洞程序下载地址： http://download.getkirby.com/files/kirby-2.1.0.zip panel/app/controllers/api/files.php 220行 php ifstrtolower$file-extension == kirby-option'content.file.extension', 'txt' throw new Exception'Content files cannot be uploaded'; else ifstrtolower$file-extension == 'php' or...

Code injection

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it...

CVE-2015-7309

CVE-2015-7309 impacts Bolt CMS: the theme editor (pre-2.2.5) does not validate file extensions when renaming files, enabling remote authenticated users to execute arbitrary PHP code by renaming a crafted file and then directly accessing it. The vulnerability stems from the lack of extension check...

SysAid Help Desk Administrator Portal Arbitrary File Upload-vulnerability warning-the black bar safety net

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...

Msfvenom Payload Creator: MPC

Msfvenom Payload Creator MPC is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible only requiring one input to produce their payload. Fully automating msfvenom & Metasploit is the end goal well as to be be able to automate MPC itself...

SysAid Help Desk Administrator Portal Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not handle correctly directory traversal sequences and does not enforce file extension restrictions. You need to have an...

Design/Logic Flaw

PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php...

Immunity Debugger 1.85 - Crash (PoC)

Title: Immunity Debugger - Crash Date: 08/07/2015 Author: Arsyntex Vendor Homepage: http://www.immunityinc.com/products/debugger/ Version: v1.85 Tested on: Windows 8.1 Pro Incorrect path/file EXtEnsion parsing. -Create folder with the name: .exe.exe and put any program inside and try debug it. -T...

Immunity Debugger 1.85 - Crash (PoC)

Immunity Debugger 1.85 - Crash PoC Title: Immunity Debugger - Crash Date: 08/07/2015 Author: Arsyntex Vendor Homepage: http://www.immunityinc.com/products/debugger/ Version: v1.85 Tested on: Windows 8.1 Pro Incorrect path/file EXtEnsion parsing. -Create folder with the name: .exe.exe and put any...

SysAid Help Desk Administrator Portal Arbitrary File Upload

This module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not correctly handle directory traversal sequences and does not enforce file extension restrictions. While an attacker needs an administrat...

SysAid Help Desk Administrator Portal &lt; 14.4 - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerabili...

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...

Lychee 2.7.1 Remote Code Execution

Advisory ID: SGMA15-002 Title: Lychee remote code execution Product: Lychee Version: 2.7.1 and probably prior Vendor: lychee.electerious.com Vulnerability type: Remote Code Execution Risk level: High Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-04-12 Vendor...

CVE-2015-2348

The moveuploadedfile implementation in ext/standard/basicfunctions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

Adobe Reader and Acrobat File Extension Buffer Overflow - Ver2 (CVE-2004-0632)

A buffer overflow vulnerability has been reported in Adobe Acrobat and Adobe Acrobat Reader. The vulnerability is due to improper handling of file name extensions. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause...

Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net

Regular malware detection cleanup process, we encountered one case of infection, caused our attention. Our environment does not have any special or fancy stuff, just updated wordpress and 3 expired plug-in; this situation is quite reasonable. The processing process ends, the environment is clean...

[CORE-2014-0008] - Advantech AdamView Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech AdamView Buffer Overflow 1. Advisory Information Title: Advantech AdamView Buffer Overflow Advisory ID: CORE-2014-0008 Advisory URL: http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow Date...

HelpDEZk 1.0.1 Unrestricted File Upload

Advisory ID: HTB23239 Product: HelpDEZk Vendor: HelpDEZk Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 15, 2014 without technical details Vendor Notification: October 15, 2014 Public Disclosure: November 5, 2014 Vulnerability Type: Unrestricted...

Arbitrary File Upload in HelpDEZk

High-Tech Bridge Security Research Lab discovered vulnerability in HelpDEZk, which can be exploited to compromise vulnerable web site. 1 Unrestricted Upload of File with Dangerous Type in HelpDEZk: CVE-2014-8337 The vulnerability exists due to absence of validation of file extensions when uploadi...