15 matches found
CVE-2019-11568
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...
EUVD-2010-0193
Malware in sbrugna...
EUVD-2020-4452
Malware in sbrugna...
SUSE CVE-2010-0162
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...
Directory traversal
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...
LY Corporation: Webview in LINE client for iOS will render application/octet-stream files as HTML
Due to misconfiguration in the webview of LINE client for iOS, the data with header "Content-type" as "application/octet-stream" was treated as HTML. This could lead to a malicious Javascript execution, resulting a Cross-site scripting attack...
Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure
!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Unrestricted file upload
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...
CVE-2019-11568
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type...
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...
Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
imacs CMS 0.3.0 Shell Upload
?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...
Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...
CVE-2010-0162
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...
PHP - MultiPart Form-Data Denial of Service (PoC)
!/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin [email protected] import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage: print "" print " PHP MultiPart Form-Data Denial of Service...