3566 matches found
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...
CVE-2021-41764
A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09220)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains, a Czech company. The tool provides continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in versions of JetBrains TeamCity prior...
DRUPAL-CORE-2021-008
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...
PT-2021-23019
Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6 Description: A Path Traversal issue exists that allows attackers to upload a file with the fullpath parameter containing path traversal strings ../ and .. to escape the server's intended workin...
CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...
PT-2021-16136 · WordPress · Wordpress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal
Name of the Vulnerable Software and Affected Versions: WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier Description: The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded...
Aviatrix Controller Code Issue Vulnerability
Aviatrix Controller is an application from Aviatrix, Inc. It extends and controls the native structure using the cloud provider's APIs to extend its functionality and integrate it into the software. A security vulnerability exists in Aviatrix Controller that stems from a lack of effective...
CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...
CVE-2021-32955
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code...
B. Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages
Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered...
Simple Image Gallery Web App Code Issue Vulnerability
Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this Web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...
CVE-2020-21356
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains, a Czech company. The tool provides continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in versions of JetBrains TeamCity prior...
ObjectPlanet Opinio 7.13 Shell Upload
Exploit Authors: Timothy Tan, Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...
SourceCodester E-Commerce Website File Upload Vulnerability
SourceCodester E-Commerce Website is a PHP e-commerce website project for bookstores. SourceCodester E-Commerce Website v 1.0 is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via file uploads to prodViewUpdate.php...
Victor CMS arbitrary file upload vulnerability
Victor CMS is an open source content management system from the developers of Victor Alagwu Software in Nigeria. Version 1.0 of Victor CMS is vulnerable to arbitrary file uploads. An attacker can execute arbitrary code by uploading files to CMS site-masteradminincludesadminaddpost.php...
SourceCodester Alumni Management System Code Issue Vulnerability
SourceCodester Alumni Management System is a PHP- and MySQL-based alumni management system from Sourcecodester, Inc. A security vulnerability exists in SourceCodester Alumni Management System version 1.0, which attackers could exploit to execute arbitrary code to...
SourceCodester Alumni Management System Code Issue Vulnerability
SourceCodester Alumni Management System is a PHP- and MySQL-based alumni management system from Sourcecodester, Inc. A security vulnerability exists in SourceCodester Alumni Management System version 1.0, which attackers could exploit to execute arbitrary code to...