Lucene search

3163 matches found

Packet Storm
added 2018/12/22 12:00 a.m. | 57 views

WordPress Firma Rehberi 4.9.9 Shell Upload / SQL Injection

Exploit Title : WordPress Firma Rehberi Themes 4.9.9 SQL Injection and Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org temafabrika.com/demo/rehber3/ Software Download Link :...

0.8 AI score
Exploits: 0

Packet Storm
added 2018/12/22 12:00 a.m. | 43 views

WordPress Cvp-Adegrontec 4.8.3 Shell Upload

Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/22 12:00 a.m. | 71 views

WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload

Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org ajaxformpro.com Software Download Link : ajaxformpro.com Software Script Owner and...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:00 a.m. | 54 views

WordPress St_Newsletter Swift Mailer 2.7 Shell Upload

Exploit Title : WordPress StNewsletter Swift Mailer Plugins 2.7 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org forums.devnetwork.net swiftmailer.symfony.com swiftmailer.org Software...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:00 a.m. | 77 views

WordPress Sem-Wysiwyg 1.0 Shell Upload

Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

7.4 AI score
Exploits: 0

OSV
added 2018/12/18 10:29 p.m. | 2 views

DEBIAN-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the data_class of a form, and when a...

5.3 CVSS | 7.2 AI score | 0.00869 EPSS
Exploits: 0 | References: 1

OSV
added 2018/12/18 10:29 p.m. | 1 view

UBUNTU-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the data_class of a form, and when a...

5.3 CVSS | 7.2 AI score | 0.00869 EPSS
Exploits: 0 | References: 3

Prion
added 2018/12/11 9:29 a.m. | 12 views

Path traversal

In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634...

5 CVSS | 7.5 AI score | 0.00428 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/12/11 9:29 a.m. | 10 views

CVE-2018-20058

In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634...

7.5 CVSS | 7.5 AI score | 0.00428 EPSS
Exploits: 0 | References: 1

CVE
added 2018/12/11 9:00 a.m. | 1075 views

CVE-2018-20058

CVE-2018-20058 describes a local file path traversal in Evernote for macOS prior to 7.6, affecting the attachment preview feature (MACOSNOTE-28634). The vulnerability path is local file access via the attachment preview, enabling potential leakage of files present on the user’s system. The NVD en...

7.5 CVSS | 7.4 AI score | 0.00428 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/12/11 9:00 a.m. | 11 views

CVE-2018-20058

In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634...

7.5 AI score | 0.00428 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/12/10 12:00 a.m. | 1 view

Arbitrary file deletion vulnerability in ZZCMS full version

ZZCMS is a free and open source website building system aimed mainly at webmasters. An arbitrary file deletion vulnerability exists in the ZZCMS full version. The vulnerability stems from a problem in the logic of admin/dl.php, which leads to the deletion of arbitrary files from...

6.9 AI score
Exploits: 0

Hacker One
added 2018/12/07 8:40 p.m. | 56 views

Valve: Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.

The structure of the save file implies unpacking of temporary files with extensions .HL1, .HL2 and .HL3. In the code of command 'load', there is a check for invalid substrings, such as .., so unpacking the files into the top directories will not work. Also, it seems, there is a code for checking...

0.5 AI score
Exploits: 0

Veracode
added 2018/12/03 5:42 a.m. | 11 views

Directory Traversal

AWSSDKCPP-Core is vulnerable to directory traversal. Lack of validation in the file path allows for remote attackers to inject ../ characters to create or retrieve arbitrary files and folders within the file system...

6.9 AI score
Exploits: 0

Packet Storm
added 2018/11/29 12:00 a.m. | 185 views

Joomla Fabrik 3.9 CSRF / LFI / Shell Upload

Exploit Title : Joomla ComFabrik 3.9 pluginAjax importcsv advancedsearch getprodimg controller LFI with htaccess CSRF Shell Access Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 29/11/2018 Vendor Homepage : extensions.joomla.org/extension/fabrik/...

7.4 AI score
Exploits: 0

Veracode
added 2018/11/13 7:08 a.m. | 14 views

Directory Traversal

jetty is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of values in the file path, allowing %2e%2e%5c to be interpreted as ../, hence serving the requested files and causing directory traversal attacks...

5 CVSS | 6.1 AI score | 0.01572 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2018/11/09 5:13 a.m. | 21 views

Directory Traversal

struts2-core is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization in file path, allowing ..%252f to be used in the file path to perform directory traversal attacks...

5 CVSS | 6 AI score | 0.83102 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Friends Of PHP
added 2018/11/06 11:52 a.m. | 21 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

5.3 CVSS | 7.2 AI score | 0.00869 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2018/11/02 4:19 p.m. | 20 views

CVE-2018-16849

An information-disclosure flaw was discovered in openstack-mistral, where the SSH private key filename of a std.ssh action could be manipulated. The flaw could be exploited to determine the presence of a file path on the host executing the std.ssh action, based on the returned error message...

7.5 CVSS | 1.3 AI score | 0.00132 EPSS
Exploits: 0 | References: 2

CNVD
added 2018/11/02 12:00 a.m. | 1 view

Synology DiskStation Manager Information Disclosure Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology. The operating system manages information such as data, files, photos, music, and more. An information disclosure vulnerability exists in SYNO.Core.ACL in Synology DSM versions prior to...

4.3 CVSS | 4.5 AI score | 0.00133 EPSS
Exploits: 0 | References: 1