68 matches found
CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
Authentication flaw
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
TLR-2005KSH - Arbitrary File Upload Vulnerability
Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...
TLR-2005KSH Arbitrary File Upload
Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
Design/Logic Flaw
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
Telesquare TLR-2855KS6 is affected by CVE-2021-46418. The Nuclei template documents an unauthenticated vulnerability where an HTTP PUT request can create arbitrary files, including CGI scripts, on the device. Impact is described as potentially enabling remote code execution via file creation. Aff...
Telesquare TLR-2855KS6 安全漏洞
The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6 that stems from an unauthorized file creation vulnerability via the PUT method that could allow the creation of CGI scripts...
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...
CVE-2021-45428
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
Improper access control
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
CVE-2021-45428
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
CVE-2021-45428
Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...
CVE-2021-35243
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server 12.7.7 and earlier, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the...
Solarwinds Web Help Desk 安全漏洞
Solarwinds Web Help Desk is a suite of help desk and asset management software from Solarwinds USA. The software supports features such as centralized knowledge base, IT asset management, project and task management. A security vulnerability exists in Solarwinds Web Help Desk web server version...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...