Privilege escalation

Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...

CVE-2019-10276

Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type...

CVE-2019-10276

CVE-2019-10276 affects Western Bridge Cobub Razor 0.8.0. The vulnerability is a file upload issue reachable via the URI web/assets/swf/uploadify.php; demonstration involves uploading a PHP file served with the image/jpeg content type. The connected records confirm the affected product and the upl...

CVE-2018-19906

Stored XSS exists in razorCMS 3.4.8 via the //page description parameter...

Puppet Enterprise, razor-server and pe-razor-server pre-installation vulnerabilities

Puppet Enterprise, razor-server, and pe-razor-server are products of Puppet Labs, Inc. Puppet Enterprise is a set of configuration management tools based on a client/server C/S architecture. razor-server and pe-razor-server are advanced configuration applications for deploying bare metal and...

Code injection

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

CVE-2018-6512 affects Puppet Enterprise 2018.1.x prior to 2018.1.1 and razor-server/pe-razor-server prior to 1.9.0.0, enabling unsafe code execution when upgrading pe-razor-server. Connected sources confirm affected versions and components. Exploitation status is not specified in the documents. R...

Cobub Razor 0.8.0 - Physical path Leakage Vulnerability

Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...

Cobub Razor 0.8.0 Path Disclosure

Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL: http://localhost/export.php HTTP Method: GET URL:...

Cobub Razor 0.8.0 - Physical Path Leakage

Cobub Razor 0.8.0 - Physical Path Leakage Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...

Cobub Razor 0.8.0 - Physical Path Leakage

Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL: http://localhost/export.php HTTP Method: GET URL:...

Cobub Razor 0.8.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Exploit Author: Kyhvedni1/email [email protected]/4 Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The...

Cobub Razor 0.8.0 - SQL injection

Cobub Razor 0.8.0 - SQL injection Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn（[email protected]、[email protected]） Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-80...

Cobub Razor 0.8.0 SQL Injection

Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedni1/[email protected]@5ecurity.cni1/4 Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The string of the...

Cobub Razor 0.8.0 - SQL injection

Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn（[email protected]、[email protected]） Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The string of the 'channelname'...

Cobub Razor 0.7.2 - Add New Superuser Account Vulnerability

Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Exploit Author: ppb（email protected） Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a...

Cobub Razor 0.7.2 - Add New Superuser Account

Cobub Razor 0.7.2 - Add New Superuser Account Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Date: 2018-03-07 Exploit Author: ppb（[email protected]） Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a...