132 matches found
PT-2023-8445
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.441 and earlier, including LTS 2.426.2 and earlier. Description: Jenkins is vulnerable to an arbitrary file read vulnerability through its command line interface (CLI). This flaw stems from the args4j library's expandAtFiles...
PT-2022-26739 · Ayacms · Ayacms
Name of the Vulnerable Software and Affected Versions: AyaCMS version 3.1.2. Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /admin/fst_upload.inc.php component. Recommendations: For AyaCMS version...
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
CVE-2022-2979 Omron CX-Programmer
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution...
dotCMS Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DotCMS RCE via Arbitrary File Upload.', 'Description' = %q When files are uploaded into dotCMS via the content API, but before they become conten...
Sports Complex Booking System 1.0 Local File Inclusion Vulnerability
Title: Sports Complex Booking System 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2...
CVE-2020-26108
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)...
CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
CVE-2015-1326 python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file...
CVE-2017-2617
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed...
Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017. CVE: CVE-2017-5638. BID: 96729. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The Jakarta...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product: ======================= AjaxExplorer v1.10.3.2 Manage server files through simple windows...
1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/47282/info 1024cms is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Rookie Club of the simple broiler production big run-vulnerability warning-the black bar safety net
A. Preface.. Making a back door is very important for maintaining privileges after a successful intrusion. This article describes a simple and practical back-door production technique, as well as how to make a broiler. Ha ha, do not turn into bad kids! II. Ready.. First, we nee...
CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information...
EUVD-2008-5204
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008...
CVE-2007-0787
CVE-2007-0787 describes a PHP remote file inclusion vulnerability in controller.php of the Simple Invoices application, before version 20070202. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the module or view parameter. The underlying issue is improper handling ...
EUVD-2007-0362
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...