Lucene search
+L

70 matches found

Prion
Prion
added 2020/01/17 5:16 p.m.22 views

Privilege escalation

An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource...

6.5CVSS8.4AI score0.01283EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/01/17 4:41 p.m.59 views

CVE-2019-15854

Summary: CVE-2019-15854 affects Maarch RM prior to 2.5. The issue is a privilege-escalation vulnerability where an authenticated user with the lowest privileges can elevate themselves to the highest administrator privileges by issuing a crafted PUT request to an unauthorized resource. What’s affe...

8.8CVSS8.4AI score0.01283EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/17 4:41 p.m.26 views

CVE-2019-15854

An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource...

8.6AI score0.01283EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/01/17 4:38 p.m.25 views

CVE-2019-15855

An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service...

9.1AI score0.01508EPSS
Exploits0References1
CVE
CVE
added 2020/01/17 4:38 p.m.65 views

CVE-2019-15855

Maarch RM prior to 2.5 is affected by a path traversal vulnerability that allows an unauthenticated remote attacker to overwrite arbitrary files via a crafted POST request, if the default installation procedure was followed. This can lead to a permanent Denial of Service, with impact described as...

9.1CVSS8.9AI score0.01508EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/02/21 12:0 a.m.4 views

Maarch LetterBox Arbitrary File Upload Vulnerability

Maarch LetterBox is a WEB-based application. Maarch LetterBox fails to properly validate uploaded files, allowing an attacker to exploit a vulnerability to submit special files and execute them with WEB privileges...

7.5CVSS7.1AI score0.44188EPSS
Exploits4References1
NVD
NVD
added 2015/02/19 3:59 p.m.16 views

CVE-2015-1587

Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...

7.5CVSS7.6AI score0.44188EPSS
Exploits4References4
CVE
CVE
added 2015/02/19 3:0 p.m.54 views

CVE-2015-1587

CVE-2015-1587 is an unrestricted file upload vulnerability in Maarch LetterBox (and GEC/GED), allowing remote attackers to execute arbitrary PHP by uploading a PHP file via file_to_index.php and then requesting it from a predictable file path in tmp/. It affects Maarch LetterBox 2.8 and earlier, ...

7.5CVSS7.9AI score0.44188EPSS
Exploits4References4Affected Software2
Cvelist
Cvelist
added 2015/02/19 3:0 p.m.24 views

CVE-2015-1587

Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...

7.6AI score0.44188EPSS
Exploits4References4
0day.today
0day.today
added 2015/02/14 12:0 a.m.37 views

Maarch LetterBox 2.8 Unrestricted File Upload Exploit

This Metasploit module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the filetoindex.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server. This...

7.5CVSS7AI score0.44188EPSS
Exploits4
Packet Storm
Packet Storm
added 2015/02/12 12:0 a.m.34 views

Maarch LetterBox 2.8 Unrestricted File Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Maarch LetterBox 2.8 Unrestricted File Upload', 'Description' = %q This module exploits a file upload vulnerabilit...

7.5CVSS6.7AI score0.44188EPSS
Exploits4
NVD
NVD
added 2014/11/20 1:55 p.m.17 views

CVE-2014-8995

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...

5CVSS8.3AI score0.02217EPSS
Exploits1References3
Prion
Prion
added 2014/11/20 1:55 p.m.17 views

Sql injection

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...

5CVSS9.1AI score0.02217EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/11/20 11:0 a.m.47 views

CVE-2014-8995

CVE-2014-8995 is an SQL injection vulnerability in Maarch LetterBox 2.8, enabling remote attackers to execute arbitrary SQL commands via the UserId cookie. The root cause is insecure handling of the UserId cookie that feeds into SQL queries. Affected software is Maarch LetterBox 2.8; the vulnerab...

5CVSS8.7AI score0.02217EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/11/20 11:0 a.m.20 views

CVE-2014-8995

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...

8.3AI score0.02217EPSS
Exploits1References3
exploitpack
exploitpack
added 2014/11/17 12:0 a.m.21 views

Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies

Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/17 12:0 a.m.24 views

Maarch LetterBox 2.8 Insecure Cookie Handling

Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/17 12:0 a.m.23 views

Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies

Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

MAARCH 1.4 - Arbitrary File Upload

No description provided by source. / Exploit Title: Maarch 1.4 Arbitrary file upload Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.24 views

MAARCH 1.4 - SQL Injection

No description provided by source. / Exploit Title: Maarch 1.4 SQL Injection Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor Homepage...

7.1AI score
Exploits0
Rows per page
Query Builder