21 matches found
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
EUVD-2024-55646
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2024-14037
CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...
PT-2026-55262
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...
CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
Exploit for CVE-2024-53667
CVE-2024-53677 — How the Exploit Works and How to Run It V...
CVE-2026-44257
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2026-44257
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2026-44257
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2026-44257 efw4.X: RCE via zipslip
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
CVE-2019-25714
CVE-2019-25714 affects Seeyon OA A8, with an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint. The issue allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests containing base64-encoded pa...
VulnCheck KEV: CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
Aerohive Networks HiveManager Remote Shell Upload Exploit
Exploit for hardware platform in category web applications I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and...
Kinsey Infor / Lawson / ESBUS - SQL Injection Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Kinsey Infor / Lawson ESBUS - Multiple SQL Injections Date: 3/10/2017 Exploit Author: Michael Benich Vendor homepage: http://www.kinsey.com/infor-lawson.html Version: ALL Tested on: Windows Server 2008 R2; MySQL ver 5.5 CVE:...