CVE-2024-4885

Progress WhatsUp Gold GetFileWithoutZip Directory Traversal (CVE-2024-4885) allows unauthenticated remote code execution. The flaw stems from unvalidated user-supplied paths used in file operations within GetFileWithoutZip, enabling commands to run with iisapppool\nmconsole/service account privil...

Advantech WebAccess SCADA Dashboard Arbitrary File Upload (CVE-2016-0854)

An arbitrary file upload vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the uploadImageCommon, uploadFile or uploadBannerImage methods in the UploadAjaxAction script. A remote, unauthenticated...

Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload...

Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload",...

Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload...

Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw...

Advantech WebAccess Dashboard Viewer saveGeneralFile Arbitrary File Creation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the SaveGeneralFile...

Advantech WebAccess Dashboard Viewer FileUploadHandler Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload scri...

Advantech WebAccess Dashboard Viewer ImageUploadHandler Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageComm...

Umbraco CMS Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Umbraco CMS Remote Command Execution'...