phpBB 3.2.3 - Remote Code Execution

phpBB 3.2.3 - Remote Code Execution // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' =...

Path Traversal in Oracle GlassFish Server Open Source Edition

This module exploits an unauthenticated directory traversal vulnerability which exists in administration console of Oracle GlassFish Server 4.1, which is listening by default on port 4848/TCP. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2018-3730

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

Path traversal

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

CVE-2018-3730

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

CVE-2018-3731

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

Arbitrary File Write

maven-core is vulnerable to arbitrary file writes. The application does not properly validate the destination filepath when during zip file extraction, allowing a malicious user to control the write destination and overwrite files...

Arbitrary File Write

zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Cross-site Scripting (XSS)

github.com/koding/koding is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the status bar filepath variable...

Arbitrary Code Execution

squizlabs/PHPCodeSniffer is vulnerable to remote code execution RCE attacks. The library does not properly escape the filepath variable for the generateDiff function, allowing a malicious user to inject and execute arbitrary shell commands...

Filepath Modification

October CMS is vulnerable to filepath modifications. The library does not validate the path of a file when it is uploaded, allowing a malicious user to create malicious files and file directories on the server...

ManageEngine ServiceDesk Arbitrary File Download Vulnerability

ZOHO ManageEngine ServiceDesk is the United States ZhuoHao ZOHO company's set of web-based help desk HelpDesk and asset management software. An arbitrary file download vulnerability exists in ZOHO ManageEngine ServiceDesk version 9.3.9328, which is caused by the program failing to restrict the...

Directory Traversal

pimcore is vulnerable to directory traversal attacks. The library does not properly validate the filepath, allowing a malicious user to pass a filepath without the file to the application...

Information Disclosure

Dolibarr is vulnerable to information disclosure. When sanitizing the filepath, the application prints the file name to the user when it encounters an error verifying the filename...

Remote Code Execution (RCE)

codiad/codiad is vulnerable to remote code execution RCE attacks. The library does not properly escape the filepath, allowing a malicious user to inject and execute arbitrary system commands. This CVE is different from CVE-2017-11366 and CVE-2017-15689...

USN-3382-1: PHP vulnerabilities

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2015-8994 It was discovered that the PHP...

Arbitrary File Download Vulnerability in Filepath Parameter of Mixcall Attendant Management System

Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. An arbitrary file download vulnerability exists in t...

天空教室精品系统 /sc8/coursefiledownload 参数 filepath 任意文件下载漏洞

No description provided by source...

宝信建站系统 /EC/DM/ECDM0104.jsp 参数 filePath 下载漏洞

0x01 漏洞框架 相关厂商： 上海宝信软件股份有限公司 提交时间： 2015-04-26 公开时间： 2015-07-27 漏洞类型： 任意文件遍历/下载 上海宝信软件股份有限公司（简称“宝信软件”）系宝钢股份控股的软件企业，2001年4月上市，公司总部位于上海浦东张江高科技园区。...

php: buffer overflow and stack smashing error in phar_fix_filepath

A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...