TestLink Open Source Test Management Remote Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

CVE-2018-7271

CVE-2018-7271 affects MetInfo 6.0.0. In the installer (install/install.php), the config/config_db.php filtering during installation is insufficient, allowing an attacker to inject malicious code and potentially execute arbitrary commands or obtain a web shell. The root cause is sloppy filtering o...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

Cambium Networks cnPilot Backdoor Access Elevation of Privilege Vulnerability

Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier. An attacker can exploit the vulnerability by accessing the web shell using the...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

Path traversal

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

Cambium Networks cnPilot firmware versions 4.3.2-R4 and earlier are affected by CVE-2017-5259, which exposes an undocumented root-privilege admin web shell. The vulnerability is accessible via the HTTP path https:///adm/syscmd.asp and is described as a backdoor that allows execution of arbitrary ...

PT-2017-16427

Name of the Vulnerable Software and Affected Versions: Cambium Networks cnPilot firmware versions 4.3.2-R4 and prior Description: The issue concerns an undocumented, root-privilege administration web shell accessible via a specific HTTP path. This path is "https:///adm/syscmd.asp". Recommendation...

CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

Multiple File Upload Vulnerabilities in CLTPHP Content Management System

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

VulnCheck KEV: CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

DAws - Advanced Web Shell

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Security SystemsIPS, WAFs,etc like Suhosinuses up to 20 php functions just to get a command executed. 2. Drops CGI Shells and communicate with them to bypass Security Systems. 3. Uses the SSH Authorized Key...

DotCMS 4.1.1 Shell Upload

========================== Advisory: DotCMS /servlets/ajaxfileupload Arbitrary File Upload Vulnerability Author: M3@pandas From DBAppSecurity Security Lab Email: [email protected] Affected Version: 4.1.1 the latest version ========================== Vulnerability Description...

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Models: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.02p2-1141 2.77p1-1125 2.77-1115 2.76-9999...

Apache ActiveMQ < 5.14.0 - Web Shell Upload Exploit

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: http://metasploit.com/download Current source:...