49 matches found
EUVD-2020-28646
Malware in sbrugna...
EUVD-2022-2796
Malicious code in bioql PyPI...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 RCE CVE-2022-29464 exploit and writeup. Details CVE-20...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit. Details C...
CVE-2020-7521
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...
CVE-2020-7521
CVE-2020-7521 is a path-traversal vulnerability in SFAPV9601 APC Easy UPS On-Line Software (V2.0 and earlier). The flaw occurs in FileUploadServlet and can allow uploading executable files to arbitrary directories, potentially enabling remote code execution. Affected product: Schneider Electric A...
Schneider Electric APC Easy UPS Online FileUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. When parsing the filename parameter,...
Schneider Electric APC Easy UPS On-Line FileUploadServlet Path Traversal Vulnerability
The Schneider Electric APC Easy UPS On-Line is a UPS solution. A path traversal vulnerability exists in the Schneider Electric APC Easy UPS On-Line FileUploadServlet, which can be exploited by a remote attacker to submit a special request to upload arbitrary files to an arbitrary directory...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution Exploit
DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...
HPE Intelligent Management Center (IMC) Remote Code Execution Vulnerability (CNVD-2019-23765)
HPE Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security (FCAPS) model. A FileUploadServlet unrestricted file upload remote code execution vulnerability exists in HPE Intelligent...
(0Day) Hewlett Packard Enterprise Intelligent Management Center FileUploadServlet Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
ZOHO ManageEngine Desktop Central Arbitrary File Execution Vulnerability
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
Authorization
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
CVE-2015-8249
CVE-2015-8249 is a vulnerability in ManageEngine Desktop Central 9 where the FileUploadServlet accepts user-controlled ConnectionId and allows uploading and executing arbitrary files. The issue occurs in builds prior to 91093 and can lead to remote code execution (context: SYSTEM) via crafted upl...
ManageEngine Desktop Central 10 Build 100087 RCE (CVE-2017-11346)
Description: When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter using the hasVulnerabilityInFileName function. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which...
ManageEngine Desktop Central 10 Build 100087 Remote Code Execution
Exploit Title: ManageEngine Desktop Central 10 Build 100087 RCE Date: 24-07-2017 Software Link: https://www.manageengine.com/products/desktop-central/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ CVE: CVE-2017-11346 Category: remote ...