70 matches found
Privilege escalation
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource...
CVE-2019-15854
Summary: CVE-2019-15854 affects Maarch RM prior to 2.5. The issue is a privilege-escalation vulnerability where an authenticated user with the lowest privileges can elevate themselves to the highest administrator privileges by issuing a crafted PUT request to an unauthorized resource. What’s affe...
CVE-2019-15854
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource...
CVE-2019-15855
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service...
CVE-2019-15855
Maarch RM prior to 2.5 is affected by a path traversal vulnerability that allows an unauthenticated remote attacker to overwrite arbitrary files via a crafted POST request, if the default installation procedure was followed. This can lead to a permanent Denial of Service, with impact described as...
Maarch LetterBox Arbitrary File Upload Vulnerability
Maarch LetterBox is a WEB-based application. Maarch LetterBox fails to properly validate uploaded files, allowing an attacker to exploit a vulnerability to submit special files and execute them with WEB privileges...
CVE-2015-1587
Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...
CVE-2015-1587
CVE-2015-1587 is an unrestricted file upload vulnerability in Maarch LetterBox (and GEC/GED), allowing remote attackers to execute arbitrary PHP by uploading a PHP file via file_to_index.php and then requesting it from a predictable file path in tmp/. It affects Maarch LetterBox 2.8 and earlier, ...
CVE-2015-1587
Unrestricted file upload vulnerability in filetoindex.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/...
Maarch LetterBox 2.8 Unrestricted File Upload Exploit
This Metasploit module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the filetoindex.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server. This...
Maarch LetterBox 2.8 Unrestricted File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Maarch LetterBox 2.8 Unrestricted File Upload', 'Description' = %q This module exploits a file upload vulnerabilit...
CVE-2014-8995
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
Sql injection
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
CVE-2014-8995
CVE-2014-8995 is an SQL injection vulnerability in Maarch LetterBox 2.8, enabling remote attackers to execute arbitrary SQL commands via the UserId cookie. The root cause is insecure handling of the UserId cookie that feeds into SQL queries. Affected software is Maarch LetterBox 2.8; the vulnerab...
CVE-2014-8995
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie...
Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies
Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...
Maarch LetterBox 2.8 Insecure Cookie Handling
Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...
Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies
Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...
MAARCH 1.4 - Arbitrary File Upload
No description provided by source. / Exploit Title: Maarch 1.4 Arbitrary file upload Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor...
MAARCH 1.4 - SQL Injection
No description provided by source. / Exploit Title: Maarch 1.4 SQL Injection Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor Homepage...