CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance...

PortlandLabs Concrete5 code issue vulnerability

PortlandLabs Concrete5 is an open source content management system CMS from PortlandLabs, Inc. PortlandLabs Concrete5 version 8.5.2 and prior versions are vulnerable to a code issue that could be exploited by attackers to upload dangerous files and execute arbitrary commands...

Wolf CMS - Arbitrary File Upload Execution

Wolf CMS - Arbitrary File Upload Execution Exploit Title : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution Reported Date : 05-May-2015 Fixed Date : 10-August-2015 Exploit Author : Narendra Bhati CVE ID : CVE-2015-6567 , CVE-2015-6568 Contact: Facebook :...

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...

phpAcounts v. 0. 5. 3 SQL injection and fix-vulnerability warning-the black bar safety net

Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com /phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...

phpAdvanced.txt

oooo...oooo.oooooooo8.ooooooooooo .8888o..88.888........88..888..88 .88.888o88..888oooooo.....888 .88...8888.........888....888 o88o....88.o88oooo888....o888o Network security team nst.void.ru Title: PHP Advanced Transfer Manager v1.21 Bug found by: nst Date: 06.05.2005 Owner: phpatm.free.fr...

CVE-2003-0950

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random system time name of the directory used to store the file, and directly requesting that file...