165 matches found
CVE-2018-6229
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
Trend Micro Control Manager vulnerable to SQL injection
Overview Trend Micro Control Manager contains multiple SQL injection vulnerabilities. This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below. TippingPoint Zero Day Initiative...
Siemens ViewPort for Web Office Portal Remote Code Execution Vulnerability
Web Office Portal provides authorized users with read-only access to retrieve current data from the Control Center solution, Spectrum Power™. A remote code execution vulnerability exists in Siemens ViewPort for Web Office Portal. An unauthenticated attacker could upload arbitrary code and execute...
Samba shared library upload and execution
Added: 06/08/2017 CVE: CVE-2017-7494 BID: 98636 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in Samba allows a remote attacker to upload a shared object library to a writab...
WordPress Userpro Remote File Upload Exploit
This Metasploit module exploits an arbitrary PHP code upload in thewordpress Ifileupload plugin, The vulnerability allows for unauthorization file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...
WordPress Userpro Remote File Upload
Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://userproplugin.com/ Google Dork : inurl:/wp-content/plugins/userpro/ Date : 10/20/2016 Tested on : Windows10/Linux This module requires Metasploit:...
Cisco Prime Infrastructure and Evolved Programmable Network Manager API Unauthorized Access Vulnerability
Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM are both products of the U.S. Cisco Cisco.PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies; EPNM is a network...
CVE-2015-5397
Cross-site request forgery CSRF vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors...
CVE-2015-5397
Cross-site request forgery CSRF vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors...
WordPress Work The Flow Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Work The Flow Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...
Wordpress Reflex Gallery Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress N-Media Website Contact Form Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress Creative Contact Form Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress InfusionSoft Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
WordPress Pixabay Images PHP Code Upload Exploit
This Metasploit module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images version 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system. This module requires Metasploit:...
Multiple Directory Traversal Vulnerabilities in Multiple IBM Products
IBM PureApplication System provides a way to virtualize, distribute, optimize and monitor applications and software in the cloud. Multiple directory traversal vulnerabilities exist in multiple IBM products, which could allow a remote attacker to upload arbitrary code via the directory traversal...
Visual Mining NetCharts Server Remote Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' us...
Visual Mining NetCharts Server Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Visual Mining NetCharts Server Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities in Visual...
Wordpress InfusionSoft Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...