441 matches found
CVE-2015-7669
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."...
CMS Made Simple 2.2.3.1 Multiple Vulnerabilities
CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...
Design/Logic Flaw
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...
Doctor Patient Project 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Doctor Patient Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/doctor-patient-project-php/ Demo: http://surajkumar.in/ Version...
JTBCcms 'uu_upload_file' function has SQL injection vulnerability
JTBC is an open source and free cross-platform web content management system solution. The JTBCcms 'uu_upload_file' function has an SQL injection vulnerability. The vulnerability is caused by the failure to effectively filter the parameters used in the user file upload; an attacker can exploit the...
LEPTON 2.2.2 - Remote Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...
CVE-2016-1450
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715...
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
Document Title: File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1704 Release Date: 2016-02-03 Vulnerability Laboratory ID (VL-ID):...
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone...
D-Link Cookie Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Cookie Command Execution', 'Description' = %q This module exploits an anonymous remote upload and code execution vulnerabilit...
SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability", 'Description' = %q This module exploits multiple...
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability
This module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username'...
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
Exploit Title: Joomla Simple Photo Gallery - Arbitrary File Upload Google Dork: inurl:comsimplephotogallery Date: 10.03.2015 Exploit Author: CrashBandicot @DosPerl My Github: github.com/CCrashBandicot Vendor Homepage: https://www.apptha.com/ Software Link:...
eyeos <= 1.9.0.2 - Stored XSS vulnerability using image files
No description provided by source. Title: eyeOS <= 1.9.0.2 Stored XSS vulnerability using image files Product: eyeOS <= 1.9.0.2 Author: Alberto Ortega @a0rtega albertoatpentboxdotnet http://securitybydefault.com/ - Summary: A stored XSS vulnerability using image files jpg, png, gif tested affects t...
XtreamerPRO Media-player 2.6.0 & 2.7.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: XtreamerPRO Media-player and streamer multiple vulnerabilities Google Dork: intitle:Xtreamer Media Server + 2009 Xtreamer.net, All right reserved. Date: 15/05/2011 Author: Itzik Chen Software Link: www.xtreamer.net Version: ver 2.6.0, 2.7.0 Tested...
Phpbuddies - Arbitrary Upload File Vulnerability
No description provided by source. Phpbuddies 0day Arbitrary Upload File Vulnerability Author : Xr0b0t [email protected] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com Date : 18 Mart,...
logahead UNU edition 1.0 - Remote Upload File / Code Execution Vuln
No description provided by source. ADVISORY: logahead UNU edition 1.0 Author: CorryL [email protected] Application: logahead UNU edition Version: 1.0 Vendor's URL: http://typo.i24.cc/logahea...
ifnuke - Multiple Vulnerabilities (0day)
No description provided by source. Abysssec Inc Public Advisory Title : IfNuke Multiple Remote Vulnerabilities Affected Version : IfNuke 4.0.0 Discovery : www.abysssec.com...
WordPress Upload File Plugin 'wp-uploadfile.php' - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29352/info The Upload File plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...