27 matches found
EUVD-2008-0453
Malware in sbrugna...
CVE-2022-23552 Grafana stored XSS in FileUploader component
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly...
Design/Logic Flaw
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
CVE-2018-17058
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
Security Bulletin: Multiple cross-site scripting (XSS) vulnerabilities in IBM Dojo Toolkit affects IBM Case Manager (CVE-2014-8917)
Summary: There are multiple cross-site scripting (XSS) vulnerabilities in (1) uploader.swf, (2) fileuploader.swf, (3) audio.swf, and (4) video.swf in the IBM Dojo Toolkit. Vulnerability Details: CVE-ID: CVE-2014-8917. Description: There are multiple cross-site scripting (XSS) vulnerabilities in the following IB...
ManageEngine ServiceDesk Plus Arbitrary File Upload Exploit
This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The...
ManageEngine ServiceDesk Plus Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine ServiceDesk Plus Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...
ManageEngine ServiceDesk Plus Arbitrary File Upload
This module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not...
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork: inurl:wp-content/plugins/reflex-gallery/ Date: 08.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage:...
Wordpress Plugin Reflex Gallery - Arbitrary File Upload Vulnerability
Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork: inurl:wp-content/plugins/reflex-gallery/ Vendor Homepage: https://wordpress.org/plugins/reflex-gallery/ Version: 3.1.3 Last Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork:...
Joomla Dione FileUploader 1.0.1 Shell Upload
Joomla Components - Dione FileUploader Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications
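ImageShack Toolbar ImageShackToolbar.dll Control Insecure Method Vulnerability
BUGTRAQ ID: 27439 ImageShack Toolbar is a browser-embedded toolbar used to upload files to the ImageShack website. A vulnerability exists in the implementation of the ImageShack Toolbar ActiveX control that remote attackers may exploit to obtain system files. The ImageShack Toolbar-installed ImageShackToolbar.FileUploader.1...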
Heap overflow
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party informatio...
ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC
No description provided by source. !-- ImageShack Toolbar 4.5.7 FileUploader Class ImageShackToolbar.dll insecure method poc This tool may allow a malicious web page to post arbitrary images on the web from a user hard drive. Images will be visible on ImageShack site, a way for an attacker to...
CVE-2008-0443
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party informatio...
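Lycos File Upload Component 'FileUploader.dll' ActiveX Control Buffer Overflow Vulnerability
Lycos FileUploader is a file upload component. The ActiveX control included in Lycos FileUploader has a buffer overflow issue that remote attackers can exploit to execute arbitrary instructions with the privileges of the application process. Constructing a malicious web page and enticing a user to open it can lead to execution of arbitrary instructions with the privileges of the application process. Lycos FileUploader.dll 2.0 2 No detailed solution is currently available...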
CVE-2008-0443
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party informatio...
CVE-2008-0443
The CVE-2008-0443 issue affects the Lycos FileUploader Module, specifically the FileUploader.dll 2.0.0.2 ActiveX control (FileUploader.FUploadCtl.1). A heap-based buffer overflow is triggered by a long HandwriterFilename property value, allowing remote attackers to execute arbitrary code. This is...
ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC
Exploit for unknown platform in category remote exploits. ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC...