IBM WebSphere MQ Local Security Bypass Vulnerability
IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A local security bypass vulnerability exists in IBM WebSphere MQ versions 9.0.0.0 and 9.0.1 that stems from incorrect...
Directory traversal
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/appconfig/controller/backuper.php via directory traversal in the file parameter during an act=db action...
CVE-2017-8853
CVE-2017-8853 affects Fiyo CMS 2.0.7. The vulnerability is in dapur/apps/app_config/controller/backuper.php, where a directory traversal in the file parameter (during an act=db action or type=database request) allows remote deletion of arbitrary files. The related entry CVE-2017-11630 describes a...
Trend Micro Threat Discovery Appliance remote code execution (CVE-2016-7547)
A command injection in the adminsystime.cgi interface allows an attacker to gain remote code execution (CVE-2016-7547). Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92938 This module requires Metasploit: http://metasploit.com/download Current source:...
thinkcmf \application\User\Controller\ProfileController.class.php arbitrary file delete vulnerability
No description provided by source...
SIEMENS SICAM PAS Security Bypass Vulnerability (CNVD-2016-11836)
SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. A security bypass vulnerability exists in SIEMENS SICAM PAS. A remote attacker can exploit the...
WordPress WP PRO Advertising System 4.6.18 Plugin - SQL Injection
Exploit for php platform in category web applications Vendor Homepage: http://wordpress-advertising.com/ Software Link: http://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693 Version: 4.6.18 Tested on: Debian 8, PHP 5.6.17-3 Type: SQLi, Unserialize, File Delete. Time...
Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Exploit for windows platform in category remote exploits Exploit Title: Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit Date: 03/21/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.sysax.com/ Vulnerable Version Download:...
up.time 7.5.0 Arbitrary File Disclose / Delete
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: Input passed to the 'filename' parameter in 'get2post.php'...
Ultimate Member <= 1.0.78 - Multiple Vulnerabilities
Ultimate Member Plugin version 1.0.78 has several security vulnerabilities that allow unauthenticated users to delete and upload files, which can ultimately lead to remote code execution...
OpenStack Image Registry Delivery Service Arbitrary File Manipulation Vulnerability
The OpenStack Image Registry Delivery Service is an OpenStack project that stores, queries, and retrieves virtual machine images. An arbitrary file manipulation vulnerability exists in OpenStack Image Registry Delivery Service versions prior to 2014.1.4, and 2014.2.x versions prior to 2014.2.2,...
Leaflet Maps Marker Pro - SQLI, XSS, Shell Upload, file delete
The leaflet-maps-marker-pro WordPress plugin was affected by a SQLI, XSS, Shell Upload, file delete security vulnerability...
PT-2014-6308 · Hewlett Packard · Hp Data Protector
Name of the Vulnerable Software and Affected Versions: HP Data Protector affected versions not specified Description: The issue allows remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. The vendor reportedly assert...
LokiCMS <= 0.3.3 Arbitrary File Delete Vulnerability
No description provided by source. Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned Greetz : ZaBeaTy, GregStar, irk4z, doctor, Avantura ; Usage: http://target/lokiCMS/admin.php?delete=path/file PoC: http://target/lokiCMS/admin.php?delete=../includes/Config.php Deletin...
Solaris <= 10 LPD Arbitrary File Delete Exploit (metasploit)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities
No description provided by source. Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 What the hell kind of script name is this :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...
DMXReady Blog Manager <= 1.1 - Remote File Delete Vulnerability
No description provided by source. Title : DMXReady Blog Manager = 1.1 Remote Files Delete Vulnerability Author : ajann from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 199.97 $ Dork : inurl:incwebblogmanager.asp DorkEx :...
Symantec Web Gateway 5.0.2.8 - Multiple Vulnerabilities
Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...