
143 matches found

Vulnrichment
added 2023/07/07 12:0 a.m. | 11 views

CVE-2023-25201

Cross-Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

AI score: 7.9 | EPSS: 0.01136
Exploits: 1 | References: 2

OSV
added 2023/06/12 1:15 p.m. | 2 views

CVE-2023-33253

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.44351
Exploits: 2 | References: 3

CNNVD
added 2023/02/02 12:0 a.m. | 2 views

aaPanel security vulnerability

aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel v1.5, which stems from an access control issue that can be exploited by an attacker to elevate privileges and execute arbitrary code by uploading a crafted PHP file to the system's virtual host directory...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.01454
Exploits: 1 | References: 3

CNNVD
added 2022/11/22 12:0 a.m. | 1 views

Mitel MiCollab security vulnerability

Mitel MiCollab is a mobile application for voice, video, messaging, audio conferencing and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.6.0.13 and earlier, which stems from improper authorization controls, which could allow an...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.02214
Exploits: 0 | References: 2

OSV
added 2022/04/07 7:15 p.m. | 0 views

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

CVSS: 9.8 | AI score: 5.9
Exploits: 0 | References: 1

CNNVD
added 2022/03/13 12:0 a.m. | 1 views

PONTON X/P Messenger path traversal vulnerability

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from the German company PONTON. PONTON X/P Messenger is vulnerable to a path traversal vulnerability that could be exploited by an attacker to upload executable scripts while obtaining...

CVSS: 9.8 | AI score: 6 | EPSS: 0.05516
Exploits: 1 | References: 3

OSV
added 2022/02/11 4:15 p.m. | 2 views

CVE-2021-42940

A Cross-Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00485
Exploits: 1 | References: 2

0day.today
added 2021/10/01 12:0 a.m. | 266 views

Phpwcms 1.9.30 - File Upload to XSS Vulnerability

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...

AI score: 7.4
Exploits: 0

CNNVD
added 2021/01/08 12:0 a.m. | 3 views

Ziehl-Abegg OA Security Breach

Zhiyuan Internet Zhiyuan OA is a collaboration management software from China Zhiyuan Internet Company. Due to the unauthorized access to certain interfaces and insufficient filtering of some functions in older versions of Zhiyuan OA, attackers can upload malicious script files without...

AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2020/12/17 4:15 a.m. | 3 views

CVE-2020-25010

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.02481
Exploits: 0 | References: 2

Prion
added 2020/12/17 4:15 a.m. | 17 views

Design/Logic Flaw

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.02481
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2020/11/02 12:0 a.m. | 0 views

BaserCMS Remote Code Execution Vulnerability

BaserCMS is an open source enterprise-level content management system (CMS). A remote code execution vulnerability exists in the editor template in versions of baserCMS prior to 4.4.1. The vulnerability can be exploited by a system administrator to achieve remote code execution by uploading an...

CVSS: 7.2 | AI score: 8 | EPSS: 0.03225
Exploits: 0 | References: 1

OSV
added 2020/05/28 1:15 p.m. | 2 views

CVE-2020-11950

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allows an authenticated user to upload and execute a script with resultant execution of OS commands. For example, this affects IT9388-HT devices...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.01465
Exploits: 0 | References: 1

OSV
added 2020/04/08 12:15 a.m. | 2 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00223
Exploits: 0 | References: 1

NVD
added 2020/03/05 1:15 p.m. | 10 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.20743
Exploits: 1 | References: 2

OSV
added 2020/03/05 1:15 p.m. | 1 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.20743
Exploits: 1 | References: 2

CVE
added 2020/03/05 12:44 p.m. | 49 views

CVE-2020-9380

The CVE-2020-9380 entry concerns IPTV Smarters WEB TV PLAYER prior to 2020-02-22, where uploading a script enables an attacker to execute OS commands. The Red Hat entry and related advisories corroborate the issue description but do not provide product-specific version ranges or remediation steps...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.20743
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/01/31 2:15 p.m. | 11 views

Remote code execution

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.03282
Exploits: 1 | References: 1 | Affected Software: 1

Packet Storm
added 2019/11/12 12:0 a.m. | 94 views

Prima Access Control 2.3.35 Script Upload Remote Code Execution

Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE CVE: CVE-2019-9189 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic --- POST /bin/sysfcgi.fx...

CVSS: 9 | AI score: 0.6 | EPSS: 0.19417
Exploits: 7

CNVD
added 2019/08/12 12:0 a.m. | 1 views

Unspecified Vulnerability in Backdrop CMS

Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3, which stems from the program's failure to adequately check uploaded archive files. An attacker can exploit the vulnerability to...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00975
Exploits: 0 | References: 1