Lucene search
+L

409 matches found

cvelist
cvelist
added 2019/06/15 5:5 p.m.32 views

CVE-2019-12831

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...

7.3AI score0.01495EPSS
Exploits1References2
cve
cve
added 2019/06/15 5:5 p.m.150 views

CVE-2019-12831

CVE-2019-12831 affects MyBB up to version 1.8.20. A crafted XML import can exploit MySQL’s string truncation during imports, enabling an attacker to write a PHP shell into the forum’s cache directory (demonstrated by truncating aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php ...

7.2CVSS7.2AI score0.01495EPSS
Exploits1References2Affected Software1
exploitdb
exploitdb
added 2019/05/20 12:0 a.m.164 views

eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution

Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8.5 Software Link : https://github.com/elabftw/elabftw Tested On : Linux / PH...

7.4AI score
Exploits0
zdt
zdt
added 2019/05/01 12:0 a.m.67 views

Hyvikk Fleet Manager - Shell Upload Vulnerability

Exploit for php platform in category web applications ======================================================================================== | Fleet Manager hyvikk Shell Upload | Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage:...

Exploits0
packetstorm
packetstorm
added 2018/07/04 12:0 a.m.51 views

CMS Made Simple 2.2.5 Remote Code Execution

Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE: CVE-2018-1000094 import requests...

6.5CVSS0.2AI score0.40548EPSS
Exploits8
zdt
zdt
added 2018/07/04 12:0 a.m.79 views

CMSMadeSimple 2.2.5 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE:...

4.3CVSS6.5AI score0.40548EPSS
Exploits15
prion
prion
added 2018/03/24 10:29 p.m.12 views

Cross site request forgery (csrf)

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

6.8CVSS8.7AI score0.0058EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2017/12/19 2:29 a.m.20 views

CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

9CVSS6.8AI score0.02206EPSS
Exploits1References1
prion
prion
added 2017/12/19 2:29 a.m.16 views

Unrestricted file upload

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

9CVSS6.7AI score0.02206EPSS
Exploits1References1Affected Software1
openvas
openvas
added 2017/12/19 12:0 a.m.33 views

Western Digital My Cloud File Upload Vulnerability

Western Digital My Cloud is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:wdc";...

10CVSS9.6AI score0.73404EPSS
Exploits6References4
cvelist
cvelist
added 2017/12/18 5:0 p.m.19 views

CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

6.8AI score0.02206EPSS
Exploits1References1
zdt
zdt
added 2017/12/16 12:0 a.m.47 views

Western Digital MyCloud multi_uploadify File Upload Exploit

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multiuploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a...

10CVSS0.7AI score0.73404EPSS
Exploits6
packetstorm
packetstorm
added 2017/12/15 12:0 a.m.55 views

Western Digital MyCloud multi_uploadify File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

0.73404EPSS
Exploits6
cnvd
cnvd
added 2017/12/14 12:0 a.m.9 views

Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability

The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital.The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...

10CVSS7.9AI score0.73404EPSS
Exploits6References1
packetstorm
packetstorm
added 2017/09/19 12:0 a.m.55 views

DlxSpot Shell Upload

Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...

9.3AI score0.10081EPSS
Exploits13
exploitdb
exploitdb
added 2017/05/22 12:0 a.m.35 views

Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution

!/usr/bin/python3 TARGET: AeroHive AP340 HiveOS $cmd"; die; ?" URL of the login page where we will inject our PHP command exec code so it poisons the log file posturl= "/login.php5?version=6.1r2" postfields = "loginauth" : "1", "miniHiveUI" : "1", "userName" : payloadinject, "password" : "1234"...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/05/19 12:0 a.m.50 views

Tecnovision DLX Spot - Arbitrary File Upload

Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...

10CVSS9.3AI score0.10081EPSS
Exploits13
exploitdb
exploitdb
added 2017/04/02 12:0 a.m.33 views

Pixie 1.0.4 - Arbitrary File Upload

Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...

9.8CVSS7AI score0.05019EPSS
Exploits5
packetstorm
packetstorm
added 2016/06/23 12:0 a.m.27 views

WordPress Ultimate Product Catalog 3.8.6 Shell Upload

Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...

0.3AI score
Exploits0
hackerone
hackerone
added 2016/06/03 9:22 p.m.15 views

drchrono: Bug Report

Sir, I want to report a bug in your web which i have found in few minutes ago : I have registered In your website and i have found a upload option i want to upload some php files but its saying only .pdf file allowed so i have just change my .php file extension to .pdf first its saying not allowe...

7AI score
Exploits0
Rows per page
Query Builder