October 8, 2019—KB4520011 (OS Build 10240.18368)
October 8, 2019—KB4520011 OS Build 10240.18368 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer and Microsoft Edge...
Code Execution Vulnerability in UCMS Backend File Management
UCMS is a simple open source content management system. A code execution vulnerability exists in the UCMS backend file management, which can be exploited by an attacker to gain control of the web server...
Cisco Unity Connection libSRTP Denial of Service Vulnerability
A vulnerability in local file management for Cisco Unity Connection could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction...
September 10, 2019—KB4516066 (OS Build 16299.1387)
September 10, 2019—KB4516066 OS Build 16299.1387 Reminder: March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
CVE-2019-15524
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI...
Remote code execution
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI...
EulerOS 2.0 SP2 : bind (EulerOS-SA-2019-1730)
According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to...
Important: bind
Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...
SQL Injection Vulnerability in Purple File Management System
Purple Software Systems Ltd. is a software services and systems integration provider. A SQL injection vulnerability exists in the Purple File Management System, which can be exploited by attackers to obtain sensitive information from the database...
IBM Spectrum Scale Information Disclosure Vulnerability (CNVD-2019-00562)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The solution helps clients reduce storage costs while improving security and management efficiency in...
Wordpress Media File Manager 1.4.2 Plugin - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link:...
WordPress Media File Manager 1.4.2 Directory Traversal
Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Date: 2018-05-11 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link: https://wordpress.org/plugins/media-file-manager/ Version: 1.4.2 CVE: N/A...
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Date: 2018-05-11 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link: https://wordpress.org/plugins/media-file-manager/ Version: 1.4.2 CVE: N/A...
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Poppy Web Interface Generator 0.8 - Arbitrary File Upload Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link:...
Arbitrary File Deletion Vulnerability in Background File Management of HDWiki System
HDWiki, the Interactive Wiki open source system, is a free wiki building system. There is an arbitrary file deletion vulnerability in the background file management of the HDWiki system. An attacker can exploit the vulnerability to delete arbitrary files...
JTBC(PHP) Arbitrary File Read Vulnerability
JTBC PHP is an open source CMS (Content Management System). JTBC PHP version 3.0.1.6 has an arbitrary file read vulnerability; a remote attacker can use the /console//console/file/manage.php?type=list&path=c:/ URL to exploit the vulnerability in the system to read arbitrary files...
Responsive Filemanager 9.8.1 Authentication Bypass Vulnerability
Exploit for php platform in category web applications I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Authentication Bypass II. CVE REFERENCE ------------------------- CVE-2018-18061 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES...
Responsive Filemanager Authentication Bypass Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. An authentication bypass vulnerability exists in Responsive Filemanager version 9.8.1 that allows an attacker to access the file management interface, which...
CVE-2018-17837
An issue was discovered in JTBCPHP 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring...
EggShell - iOS/macOS/Linux Remote Administration Tool
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shel...