Savant Web Server Detection

Checks whether Savant Web Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the...

Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

GHSA-Q3P4-GW7R-WQJC Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

Network Management Card 6.2.0 Host Header Injection

Exploit Title: Network Management Card 6.2.0 - Host Header Injection Google Dork: Date: 2019-11-21 Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card Version: v6.2.0 Tested on: Kali...

Linear eMerge50P/5000P 4.6.07 Remote Code Execution

!/bin/bash Full remote code execution exploit for the Linear eMerge50P/5000P 4.6.07 Including escalating to root privileges CVE: CVE-2019-7266, CVE-2019-7267, CVE-2019-7268, CVE-2019-7269 Advisory: https://applied-risk.com/resources/ar-2019-006 Paper:...

Siemens Cp1604 Improper Input Validation

A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced incl. SIPLUS NET variants, CP443-1 incl. SIPLUS NET variants, CP443-1 Advanced incl. SIPLUS NET variants, CP443-1 OPC UA incl. SIPLUS NET variants, RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced incl...

CVE-2011-4902

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...

CVE-2011-4902

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...

Code injection

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver...

CVE-2019-8232

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

CVE-2019-8232

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

Race condition

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

Remote code execution

The slubevents aka SLUB: Event Registration extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be...

Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)

The extension allows to upload arbitrary files to the webserver. For versions 1.2.2 and below, this vulnerability results in Remote Code Execution. In versions later than 1.2.2, the vulnerability can result in Denial of Service, since the webspace can be filled up with arbitrary files. The...

GoAhead Web server HTTP header injection vulnerability

GoAhead WebServer is an open source embedded WEB server program that supports Active Server Pages, embedded Javascript, SSL authentication and encryption. An HTTP header injection vulnerability exists in GoAhead Web server. It allows an attacker to spoof a specific host header, which allows the...

CVE-2018-21027

Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory OOM condition because malloc is mishandled...

CVE-2019-17188

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...

Unrestricted file upload

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...

CVE-2019-17188

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...