CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

GHSA-G46H-V2CC-6C94 Information Disclosure in TYPO3 CMS

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability...

Information Disclosure in TYPO3 CMS

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability...

PT-2023-32844 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the function upload of the file FileCollectionController.php of the component Content Type Handler. This leads to unrestricted upload. The attack may be launched remotely...

Fennec - Artifact Collection Tool For *Nix Systems

fennec is an artifact collection tool written in Rust to be used during incident response on nix based systems. fennec allows you to write a configuration file that contains how to collect artifacts. Features A single statically compiled binary Execute any osquery SQL query Execute system command...

CVE-2017-1000138

Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title...

Arbitrary File Write Vulnerability in SiteServer CMS Backend

SiteServer CMS is a website content management system developed by Beijing Billion Software Technology Development Co., Ltd. and is widely used in state ministries, group companies and large-scale portal sites. The information collection function in the management background of SiteServer CMS doe...

Splunk collect file Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...

Windows Gather Generic File Collection

This module downloads files recursively based on the FILEGLOBS option. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Generic File Collection', 'Description' = %q This module...