Code injection
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php...
CVE-2021-41560
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php...
CVE-2021-41560
OpenCATS up to version 0.9.6 is affected by CVE-2021-41560. The vulnerability allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php, due to insufficient validation of uploaded files. The issue is documented across multiple sources (Red Hat, CNVD...
OpenCats Code Issue Vulnerability
OpenCats is an open source recruitment process management system. OpenCATS prior to 0.9.6 had a file upload vulnerability, which stemmed from a lack of effective validation of uploaded files in the application's lib/FileUtility.php. A remote attacker could exploit this vulnerability to execute arbitra...
OpenCATS 0.9.4 - Remote Code Execution Exploit
Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link: https://github.com/opencats/OpenCATS Version...
OpenCATS 0.9.4 Remote Code Execution
Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...
OpenCATS 0.9.4 - Remote Code Execution (RCE)
Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...
OpenCats 0.9.4-2 -(docx) XML External Entity Injection Vulnerability
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 XML Injection
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4 XML Injection Vulnerability
Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...
OpenCats 0.9.4 XML Injection
Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 Date : 20/09/2021 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph ...
OpenCATS Remote Code Execution (CVE-2021-25294)
A remote code execution vulnerability exists in OpenCATS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenCATS Cross-Site Scripting Vulnerability (CNVD-2021-09918)
OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A cross-site scripting vulnerability exists in OpenCATS 0.9.5-3 and earlier versions. An...
OpenCATS Remote Code Execution Vulnerability
OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A remote code execution vulnerability exists in OpenCATS version 0.9.5-3 and earlier. The...
CVE-2021-25295
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues...
CVE-2021-25294
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage a __destruct magic metho...
Cross site scripting
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues...