CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Introduction In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugins modules in memory. The framework includes a Loader, a Core module, a Network module, a Command...

CVE-2024-27625

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...

CVE-2017-15235

The File Manager gollem module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename...

Moodle Arbitrary File Upload Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. An arbitrary file upload vulnerability exists in the legacy course file and file manag...

Webmin /file/show.cgi Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...

Webmin /file/show.cgi Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...

CVE-2008-6541

The CVE-2008-6541 entry describes an unrestricted file upload vulnerability in the DotNetNuke file manager module prior to version 4.8.2. Remote administrators could upload arbitrary files and gain server privileges via unspecified vectors. Affected product: DotNetNuke, component: file manager mo...

Design/Logic Flaw

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message...

Command execution in phprojekt.

"PHProjekt is a modular application for the coordination of group activities and to share informations and document via intranet and internet. Components of PHProjekt: Group calendar, project management, time card system, file management, contact manager, mail client and 9 other modules ...featur...