3143 matches found

0day.today
added 2019/04/12 12:0 a.m., 329 views

ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...

7.1 AI score
Exploits: 0

Packet Storm
added 2019/04/12 12:0 a.m., 162 views

ATutor file_manager Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...

0.1 AI score
Exploits: 0

CNVD
added 2019/04/02 12:0 a.m., 3 views

Pydio Cross-Site Scripting Vulnerability (CNVD-2019-14091)

Pydio AjaXplorer is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A cross-site scripting vulnerability exists in Pydio version 8, which stems from a lack of proper validation of client-side data by the WEB...

5.4 CVSS, 6.5 AI score, 0.00675 EPSS
Exploits: 3, References: 1

Prion
added 2019/03/21 4:1 p.m., 17 views

Path traversal

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if a...

7.5 CVSS, 8.8 AI score, 0.31725 EPSS
Exploits: 7, References: 5, Affected Software: 1

OSV
added 2019/03/07 5:29 a.m., 13 views

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...

7.8 CVSS, 8 AI score
Exploits: 0, References: 3

Prion
added 2019/03/07 5:29 a.m., 14 views

Design/Logic Flaw

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...

6.8 CVSS, 8 AI score, 0.23689 EPSS
Exploits: 3, References: 3, Affected Software: 1

CNVD
added 2019/03/07 12:0 a.m., 2 views

Webmin Arbitrary Code Execution Vulnerability

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. An arbitrary code execution vulnerability exists in Webmin 1.900. A remote attacker can use the "Java File Manager" and "Upload and Download" privileges to uploa...

7.8 CVSS, 8.5 AI score, 0.23689 EPSS
Exploits: 3, References: 1

OpenVAS
added 2019/03/06 12:0 a.m., 28 views

WordPress Media File Manager Plugin < 1.4.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112533";...

6.1 CVSS, 5.4 AI score, 0.12128 EPSS
Exploits: 5, References: 2

0day.today
added 2019/02/28 12:0 a.m., 45 views

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

7.1 AI score
Exploits: 0

exploitpack
added 2019/02/28 12:0 a.m., 29 views

Usermin 1.750 - Remote Command Execution (Metasploit)

Usermin 1.750 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q...

7.7 AI score
Exploits: 0

NVD
added 2019/02/25 6:29 a.m., 14 views

CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the mediapreview action...

6.1 CVSS, 6 AI score, 0.00815 EPSS
Exploits: 1, References: 1

CNVD
added 2019/02/25 12:0 a.m., 4 views

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12900)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'getfile' function of the ajaxcalls.php file in version...

7.5 CVSS, 7 AI score, 0.03463 EPSS
Exploits: 1, References: 1

0day.today
added 2019/02/17 12:0 a.m., 513 views

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit

Exploit for php platform in category web applications Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...

7.1 AI score
Exploits: 0

exploitpack
added 2019/02/15 12:0 a.m., 135 views

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...

7.4 AI score
Exploits: 0

Packet Storm
added 2019/02/15 12:0 a.m., 43 views

UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload

Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage: https://github.com/UniSharp/laravel-filemanager Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/02/15 12:0 a.m., 66 views

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload

Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage: https://github.com/UniSharp/laravel-filemanager Software Link:...

7.4 AI score
Exploits: 0

exploitpack
added 2019/02/12 12:0 a.m., 39 views

BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...

7.5 CVSS, 0.6 AI score, 0.31725 EPSS
Exploits: 7

OSV
added 2019/02/11 2:29 a.m., 2 views

CVE-2018-20778

admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...

6.1 CVSS, 5.8 AI score, 0.00826 EPSS
Exploits: 1, References: 1

OSV
added 2019/02/11 2:29 a.m., 3 views

CVE-2018-20775

admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...

7.2 CVSS, 6.2 AI score, 0.02107 EPSS
Exploits: 1, References: 1

Prion
added 2019/02/11 2:29 a.m., 22 views

Cross site scripting

admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...

4.3 CVSS, 5.9 AI score, 0.00826 EPSS
Exploits: 1, References: 1, Affected Software: 1