27 matches found
EUVD-2026-33777
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45571
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2014-8821
Malware in sbrugna...
Maarch LetterBox Arbitrary File Upload Vulnerability
Maarch LetterBox is a web-based application. Maarch LetterBox fails to properly validate uploaded files, allowing an attacker to submit special files and execute them with web privileges...
CVE-2015-1587
Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...
CVE-2015-1587
Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...
CVE-2015-1587
CVE-2015-1587 is an unrestricted file upload vulnerability in Maarch LetterBox (and GEC/GED), allowing remote attackers to execute arbitrary PHP by uploading a PHP file via file_to_index.php and then requesting it from a predictable file path in tmp/. It affects Maarch LetterBox 2.8 and earlier, ...
Maarch LetterBox 2.8 Unrestricted File Upload Exploit
This Metasploit module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the filetoindex.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server. This...
Maarch LetterBox 2.8 Unrestricted File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Maarch LetterBox 2.8 Unrestricted File Upload', 'Description' = %q This module exploits a file upload vulnerabilit...
CVE-2014-8995
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
SQL injection
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
CVE-2014-8995
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
CVE-2014-8995
CVE-2014-8995 is an SQL injection vulnerability in Maarch LetterBox 2.8, enabling remote attackers to execute arbitrary SQL commands via the UserId cookie. The root cause is insecure handling of the UserId cookie that feeds into SQL queries. Affected software is Maarch LetterBox 2.8; the vulnerab...
Maarch LetterBox 2.8 Insecure Cookie Handling
Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...
Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies
Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...
Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies
Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...