5 matches found
CVE-2020-7521
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...
Cisco Prime File Upload Servlet Remote Code Execution (CVE-2018-0258)
A remote code execution vulnerability has been reported in Cisco Prime File Upload Servlet. This is due to improper input validation of the parameters in the HTTP request and a processing error in the role-based access control RBAC of URLs. A remote attacker could exploit this vulnerability by...
UberFire: Information disclosure and RCE via insecure file upload/download servlets
It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...
UberFire: Information disclosure and RCE via insecure file upload/download servlets
It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...
Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...