Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution Vulne
Exploit for linux platform in category web applications Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
CVE-2018-10212
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value...
Authorization
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value...
CVE-2018-10209
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...
CVE-2018-10212
CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...
PT-2018-9759 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows improper authorization, leading to the creation of folders within another account via a modified device value. Recommendations: For Vaultize...
Monstra CMS 3.0.4 Arbitrary Folder Deletion
Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via a GET request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: macos 10.12.6, php 5....
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via a GET request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: macos 10.12.6, php 5....
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Monstra CMS 3.0.4 - Arbitrary Folder Deletion Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via a GET request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra...
Command Execution Vulnerability in Panmicro e-cology
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...
After I upgrade Windows 10 on my OS layer, what do I do about the C:\Windows.old folder?
When you upgrade Windows 10 from one major version to another (1703 to 1709, for instance), the previous Windows installation is left in a C:\Windows.old folder. In App Layering, you must not delete this folder. Our software needs to copy our drivers and other files from Windows.old to Windows once...
CVE-2018-0531
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors...
Design/Logic Flaw
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors...
ExpressionEngine: RCE By import channel field
The reporter determined that a malicious Channel Set could be used to allow an administrator to upload a PHP file that they might otherwise not have permission to upload. Combined with the temporary folder name algorithm being available in the source code, the malicious administrator could...
Cybozu Garoon Browsing Restriction Bypass Vulnerability (CNVD-2018-08809)
Cybozu Garoon is an office software with Chinese, Japanese, and English languages. A browsing restriction bypass vulnerability exists in the application "Cabinet" in Cybozu Garoon 3.5.0 through 4.6.1. The vulnerability can be exploited by users who can log in to the product to view folder names...
Cybozu Garoon Operation Limit Bypass Vulnerability
Cybozu Garoon is an office software with Chinese, Japanese, and English languages. An operation restriction bypass vulnerability exists in "Folder Settings" in Cybozu Garoon 3.0.0 through 4.2.6. The vulnerability can be exploited by a user with administrative privileges for one or more folders to...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Operation restriction bypass in the "Folder settings" CWE-264 - CVE-2018-0531 Operation restriction bypass in the setting of Login...