Lucene search
K

75 matches found

0day.today
0day.today
added 2021/08/18 12:0 a.m.264 views

Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

9.8CVSS9.6AI score0.89189EPSS
Exploits5
Metasploit
Metasploit
added 2021/08/17 5:42 p.m.117 views

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/luceeadminimgprocessfilewrite msf exploitluceeadminimgprocessfilewrite show targets ...targets... msf...

9.8CVSS8.6AI score0.89189EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/08/17 12:0 a.m.608 views

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

9.8CVSS0.7AI score0.89189EPSS
Exploits5
OpenVAS
OpenVAS
added 2021/06/11 12:0 a.m.30 views

Lucee < 5.3.5.96, 5.3.6.x < 5.3.6.68, 5.3.7.x < 5.3.7.47 RCE Vulnerability (GHSA-2xvv-723c-8p7r) - Active Check

Lucee is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lucee:luceeserver";...

9.8CVSS9.9AI score0.89189EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2021/06/11 12:0 a.m.27 views

Lucee < 5.3.5.96, 5.3.6.x < 5.3.6.68, 5.3.7.x < 5.3.7.47 RCE Vulnerability (GHSA-2xvv-723c-8p7r) - Version Check

Lucee is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lucee:luceeserver";...

9.8CVSS9.9AI score0.89189EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2021/06/11 12:0 a.m.18 views

Lucee Detection (HTTP)

HTTP based detection of Lucee. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.146114";...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2021/06/08 12:0 a.m.168 views

Lucee Server 未授权RCE漏洞(CVE-2021-21307)

Finding 0day to hack Apple Getting started We started hacking on Apple after the infamous blog post by Sam, et al. The goal was to focus on critical findings such as PII exposure or getting access to Apple's servers/internal network. These are the types of bugs we thought Apple would be most...

7.5CVSS9.8AI score0.89189EPSS
Exploits5
NVD
NVD
added 2021/02/11 7:15 p.m.53 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS0.89189EPSS
Exploits5References7
OSV
OSV
added 2021/02/11 7:15 p.m.44 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS7AI score
Exploits0References7
Prion
Prion
added 2021/02/11 7:15 p.m.30 views

Code injection

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

7.5CVSS9.2AI score0.89189EPSS
Exploits5References7Affected Software1
Cvelist
Cvelist
added 2021/02/11 6:20 p.m.51 views

CVE-2021-21307 Remote Code Exploit in Lucee Admin

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

8.6CVSS9.6AI score0.89189EPSS
Exploits5References7
CVE
CVE
added 2021/02/11 6:20 p.m.269 views

CVE-2021-21307

CVE-2021-21307 : Lucee Admin has an unauthenticated remote code execution vulnerability in Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. The issue is fixed in those versions; a workaround is to block access to the Lucee Administrator. Public exploitation templates (e.g., an unordere...

9.8CVSS9AI score0.89189EPSS
In wildExploits5References7Affected Software1
CNNVD
CNNVD
added 2021/02/11 12:0 a.m.7 views

Lucee Server Authorization Issues Vulnerability

An authorization issue vulnerability exists in Lucee Server that arises from a lack of authentication measures or insufficient authentication strength in a network system or product...

9.8CVSS7.3AI score0.89189EPSS
Exploits5References7
ATTACKERKB
ATTACKERKB
added 2021/02/11 12:0 a.m.102 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS9AI score0.89189EPSS
In wildExploits5References8
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.721 views

TestBox CFML Test Framework 4.1.0 - Directory Traversal

Title: TestBox CFML Test Framework 4.1.0 - Directory Traversal Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.3.0 through to 4.1.0 Tested on: Adob...

7.4AI score
Exploits0
Rows per page
Query Builder