70 matches found
PT-2024-15774 · Monitorr · Monitorr
Name of the Vulnerable Software and Affected Versions: Monitorr version 1.7.6m Description: A critical vulnerability was found in Monitorr, affecting an unknown functionality of the file /assets/php/upload.php in the Services Configuration component. The manipulation of the fileToUpload argument...
Number withdrawn
Monitorr is Monitorr open source a web front-end . It is used to display the status of any web application or service in real time. This CVE number has been withdrawn...
Monitorr 1.7.6 Cross Site Scripting
Exploit Title: Monitorr v1.7.6 - Cross Site Scripting CVE: CVE-2023-26776 Exploit Author: Achuth V P retrymp3 Date: February 09, 2023 Vendor Homepage: https://github.com/Monitorr/ Software Link: https://github.com/Monitorr/Monitorr Tested on: Ubuntu Version: v1.7.6 Exploit Description: Cross Site...
CVE-2023-26775
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
CVE-2023-26775
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
CVE-2023-26776
Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the postreceiver-services.php file...
Cross site scripting
Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the postreceiver-services.php file...
Unrestricted file upload
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
PT-2023-20790 · Monitorr · Monitorr
Name of the Vulnerable Software and Affected Versions: Monitorr version 1.7.6 Description: A remote attacker can execute arbitrary code via a crafted file upload to the "assets/php/upload.php" endpoint. This allows for the potential execution of malicious code on the affected system...
CVE-2023-26776
Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the postreceiver-services.php file...
CVE-2023-26775
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
PT-2023-20791 · Monitorr · Monitorr
Name of the Vulnerable Software and Affected Versions: Monitorr version 1.7.6 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the title parameter of the "post receiver-services.php" file. This enables the attacker to inject malicious scripts into t...
CVE-2023-26776
CVE-2023-26776 affects Monitorr v1.7.6. It is a Cross Site Scripting vulnerability in the post_receiver-services.php title parameter that can let a remote attacker execute arbitrary code. The exploit details (PacketStorm) show how an attacker can craft a malicious title to run script code via the...
Monitorr 代码问题漏洞
Monitorr is Monitorr open source a web front-end . Used to display the status of any web application or service in real time . A security vulnerability exists in Monitorr version v.1.7.6. A remote attacker could exploit this vulnerability to execute arbitrary code via specially crafted files...
Monitorr 跨站脚本漏洞
Monitorr is Monitorr open source a web front-end . Used to display the status of any web application or service in real time . A cross-site scripting vulnerability exists in Monitorr version v.1.7.6. A remote attacker can exploit this vulnerability to execute arbitrary code...
CVE-2023-26775
Summary: CVE-2023-26775 affects Monitorr v1.7.6, where a crafted file upload to assets/php/upload.php can lead to remote arbitrary code execution. The NVD/Red Hat/CIRCL OSV entries confirm the same issue with high severity (CVSS 3.1 base score 7.8). Impact: remote attacker could execute code by u...
CVE-2023-26776
Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the postreceiver-services.php file...
CVE-2023-26775
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...
Metasploit Weekly Wrap-Up
Zxyel Routers Beware This week we've released a module written by first time community contributor shr70 that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices...
Monitorr 1.7.6m / 1.7.7d Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...