2122 matches found
Sentrifugo 3.2 - File Upload Restriction Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabiliti...
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload...
Sentrifugo 3.2 File Upload Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabilities were found in...
GAME OVER: Detecting and Stopping an APT41 Operation
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is...
Far Autumn Medical Training Enrollment System v1.0 File Upload Vulnerability in Frontend
Far Autumn Medical Online Examination System adopts the universal test bank management software, applicable to all levels and types of medical schools and hospitals, the content contains the three basic exams for medical and nursing personnel, title exams, licensing exams, academic exams, trainin...
File Upload Vulnerability in Far Autumn Medical Training Enrollment System v1.0
Far Autumn Medical Online Examination System adopts the universal test bank management software, applicable to all levels and types of medical schools and hospitals, the content contains the three basic exams for medical and nursing personnel, title exams, licensing exams, academic exams, trainin...
File upload vulnerability in Qibo CMS gl***.php file
Qibo CMS system is a content management system under Guangzhou Qibo Network Technology Co. A file upload vulnerability exists in the gl.php file of the Qibo CMS system. It allows an attacker to upload a webshell and gain server privileges...
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...
CloudBees Jenkins Arbitrary File Upload Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Dependency Graph Viewer Plugin is used in...
File Upload Vulnerability in ShopXO v1.5.0
ShopXO is an open source enterprise-level e-commerce system. A file upload vulnerability exists in ShopXO v1.5.0. It allows attackers to upload a webshell and gain server privileges...
File Upload Vulnerability in Website Management System of Kunshan Unicom Technology
Kunshan U-Net Information Technology Co., Ltd. is a website design company that integrates website construction with visual design development and brand online marketing promotion. A file upload vulnerability exists in the website management system of Kunshan YouNET Technology. An attacker can us...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
Design/Logic Flaw
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
CVE-2019-1010062
Summary: CVE-2019-1010062 affects PluckCMS 4.7.4 and earlier. The vulnerability is CWE-434: Unrestricted Upload of File with Dangerous Type, enabling potential webshell access. The issue is traced to data/inc/images.php at line 36, with the attack vector described as manipulating the MIME TYPE in...
File upload vulnerability in Tongda OA 2015, 2016 Of***.php file
Ltd. is subordinate to China National Weapons Industry Information Center CNWIIC, which is referred to as Tongda Xinke. It is a high-tech team with the main business of collaborative management software development and implementation, service and consulting. A file upload vulnerability exists in...
CVE-2019-12803
In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system comman...