EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) Exploit

Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...

EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)

Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...

Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Impact The impact of this path traversal and arbitrary extension is limited creation of arbitrary files and appending data to existing files but when combined with the SQL Injection, the exported data RESTRICTED DIFFUSION 9 / 9 can be controlled and a webshell can be uploaded. Attackers can use...

Serendipity 2.4.0 - File Inclusion RCE

Exploit Title: Serendipity 2.4.0 - File Inclusion RCE Author: nu11secur1ty Date: 04.26.2023 Vendor: https://docs.s9y.org/index.html Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0 Reference: https://portswigger.net/web-security/file-upload Reference:...

Siemens Industrial Products Allocation of Resources Without Limits or Throttling (CVE-2022-43768)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All...

Siemens Industrial Products Use After Free (CVE-2022-43716)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All...

Siemens Industrial Products Deadlock (CVE-2022-43767)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All...

CVE-2023-29489

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...

CVE-2023-22581

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application the default installation makes the webserver run as the root user...

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function Vulnerability CVE-2022-22963 RCE This...

CVE-2022-43716

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

CVE-2022-43767

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

CVE-2022-43768

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

CVE-2022-43716

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All...

CVE-2022-43768

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...

CVE-2022-43767

A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...