4 matches found
CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit
No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; print INTRO; +++++++++++++++++++++++++++++++++++++++++++++++++++++ + GeekLog = 1.5.0 Remote Arbitrary File Upload + + + + Discovered && Coded By: t0pP8uZz + + + + 0day?!?Most...
CVE-2001-0713
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as 1 macro names that ar...