933 matches found
CVE-2017-6779
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...
CVE-2017-6779
CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...
ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI Vulnerabilities
ProjectPier versions 0.8.8 and below suffer from remote file inclusion, authentication bypass, remote shell upload, and remote SQL injection vulnerabilities. "ProjectPier is a Free, Open-Source, PHP application for managing tasks, projects and teams through an intuitive web interface."...
Vayne-RaT - An Advanced C# .NET RAT
Vayne-RaT is a Free and Open Source Remote Administration Tool Coded In C#. Features: Multi-Threaded CMD Shell File Manager Download & Upload Remote Desktop Password Recovery Assembly Builder Scan-Time Crypter FUD Requirements Stub Coded In .NET 2.0 Mono.Cecil.dll Dissembler Lib.dll BunifuUIv1.52.dll...
File upload vulnerability in phpComasy CMS system
phpComasy CMS is a foreign open source content management system that is simple, fast and scalable, making it an ideal system for small and medium-sized websites. In phpcomasy v2.1.1, a file upload vulnerability exists in the phpcomasy\classes\class.filemanager.php file, which allows an attacker to upload a...
Hashcat Wrapper for Distributed Hashcracking: Hashtopolis
Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis’s development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent: Multiple clients C#, Python,...
CVE-2018-9134
filemanagecontrol.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters...
Cross site request forgery (csrf)
filemanagecontrol.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters...
Code execution vulnerability in HAIRUICMS v2.1.4 /FileManage/fsoedit.asp file
HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and a general ACCESS/MSSQL database. HAIRUICMS v2.1.4 /FileManage/fsoedit.asp file has a code execution vulnerability. An attacker can exploit the vulnerability to directly edit scripts to write Trojan horses and obtain a webshell...
Code Execution Vulnerability in DedeCMS V5.7 SP2
The Weaving Dream content management system (DedeCms) is a PHP open source website management system. A code execution vulnerability exists in the filemanagecontrol.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload a file and obtain a webshell...
Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096
This module adds a new organizational layer to Drupal, making it easy to manage large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...
[SECURITY] Fedora 27 Update: git-annex-6.20170925-3.fc27
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many...
CVE-2017-7341
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests...
Command injection
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests...
FortiWLC file management OS Command Injection vulnerability
The FortiWLC file management AP script download webUI page is affected by an OS Command Injection vulnerability which may allow an authenticated admin user to execute arbitrary system console commands, and possibly subsequently "root" the device...
Extplorer Command Injection Vulnerability
eXtplorer is a PHP-based online file management program that supports online browsing of files and folders as well as logging into FTP servers as an FTP client. A command injection vulnerability exists in eXtplorer 2.1.9 and earlier versions. The vulnerability can be exploited to inject commands...
Bypass File-management Restrictions
Moodle is vulnerable to the bypass of file-management restrictions. Authenticated attackers can bypass the intended file-management restrictions when using web services to perform uploads after the moodle/user:manageownfiles capability has been revoked...
CVE-2017-9602
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to...