16 matches found
EUVD-2025-35195
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...
CVE-2022-44276
In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...
File Upload Vulnerability in EyouCMS of Hainan Zanzan Network Technology Co.
EyouCms, the website-building system from Hainan Zanzan Network Technology Co., Ltd., is a free and open-source enterprise content management system built on the TP5.0 framework. It focuses on the needs of enterprise website builders and provides a large number of templates in various...
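Arbitrary file upload vulnerability in a Kingdee system can threaten the internal network
Brief description: Upload bypass; access to the internal network is the key point. Details: WooYun: Generic arbitrary file upload in a large online examination system (affecting banks, securities firms and other enterprises). After the issue was reported, a fix was applied, but the fix is flawed: it restricts the upload of jsp webshells but places no restriction at all on jspx. Uploading a jsp file produces an error directly, but with jspx, at http://exam.kingdee.com/mana/edit/attachupload.jsp, a jspx webshell can be uploaded directly. After a successful upload, view the page source to obtain the shell address. Proof of vulnerability:...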
Unrestricted file upload
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...
Design/Logic Flaw
The Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297...
Joomla KISS Advertiser Remote File & Bypass Upload Vulnerability
No description provided by source. Exploit Title: Joomla comKSAdvertiser Remote File & Bypass Upload Vulnerability Google Dork: inurl:index.php?option=comksadvertiser Date: 12-07-2012 Author: Daniel Barragan D4NB4R Twitter: @D4NB4R site: http://www.insecurityperu.org/ vendor Link:...
Joomla! Component com_ksadvertiser - Remote File Bypass Upload
Joomla! Component comksadvertiser - Remote File Bypass Upload Exploit Title: Joomla comKSAdvertiser Remote File & Bypass Upload Vulnerability Google Dork: inurl:index.php?option=comksadvertiser Date: 12-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://www.insecurityperu.org/...
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
Exploit Title: Joomla comKSAdvertiser Remote File & Bypass Upload Vulnerability Google Dork: inurl:index.php?option=comksadvertiser Date: 12-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://www.insecurityperu.org/ vendor Link: http://www.kiss-software.de Tested on:...
Joomla Component com_ksadvertiser Remote File & Bypass Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla comKSAdvertiser Remote File & Bypass Upload Vulnerability Google Dork: inurl:index.php?option=comksadvertiser Date: 12-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://www.insecurityperu.org/ vendor...
phpAccounts v0.5.3 SQL injection and fix - vulnerability warning - the black bar safety net
Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com/phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...
CVE-2008-0569
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors...
Dokeos 1.8.4 Bypass Upload Shell From Your Profile Vulnerability
No description provided by source. Name : dokeos-1.8.4 Bypass Upload Shell From Your Profile Your Cpanel Download From : http://www.dokeos.com/download/dokeos-1.8.4.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : Google Dork : Platform Dokeos 1.8.4 2007...
Dokeos 1.8.4 - Arbitrary File Upload
Dokeos 1.8.4 - Arbitrary File Upload Name : dokeos-1.8.4 Bypass Upload Shell From Your Profile Your Cpanel Download From : http://www.dokeos.com/download/dokeos-1.8.4.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : Google Dork : Platform Dokeos 1.8.4 © 2007...
midiripoff.txt
lintah|adv|15@2006 php b/d. Indonesian Cyber-Terrorist Grey Hats. iFX a.k.a inversFX, ifx@... locate : Indonesia, Jakarta...
CVE-2006-3336
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution...