40 matches found
CoreFTP Server build 725 - Directory Traversal (Authenticated)
Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...
CVE-2022-22836
CoreFTP Server before 727 allows directory traversal for file creation by an authenticated attacker via ../ in an HTTP PUT request...
Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whgrx Vulnerability: Remote Host Header Stack Buffer Overflow Description: The specim...
CVE-2020-13768
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued...
CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. Mitigation Ensure that readonly is set to true the default for the...
Design/Logic Flaw
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2019-11489
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
Improper access control
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
CVE-2019-11489
CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...
CVE-2019-11489
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...
Apache Tomcat 'HTTP PUT Request' JSP Upload Code Execution Vulnerability
Apache Tomcat is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
Apache Tomcat 'HTTP PUT Request' Code Execution Vulnerability - Windows
Apache Tomcat is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
SRC-2016-0032 : Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...
CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is...
CVE-2011-2900
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...
Stack overflow
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...
CVE-2011-2900
Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...