CVE-2023-53872

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

CVE-2023-53872

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

CVE-2023-53872

Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

EUVD-2007-2942

Malware in sbrugna...

EUVD-2008-1223

Malware in sbrugna...

EUVD-2008-1222

Malware in sbrugna...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload Exploit

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 9004 for version 8 which accepts unauthenticated uploads. This can be abused by a malicious user to uploa...

Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Numara / BMC Track-It! FileStorageService Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 9004 for version 8 which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or...

CVE-2008-7158

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 transcriptFile parameter to MRcgi/MRchat.pl or 2 LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party...

CVE-2008-7158

Numara FootPrints versions 7.5a–8.0a are affected by a remote command execution vulnerability due to unsanitized shell metacharacters in the transcriptFile parameter to MRcgi/MRchat.pl or the LOADFILE parameter to MRcgi/MRABLoad2.pl. The underlying issue enables arbitrary command execution with a...

CVE-2008-7158

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 transcriptFile parameter to MRcgi/MRchat.pl or 2 LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party...

Cross site scripting

Cross-site scripting XSS vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-1213

Cross-site scripting XSS vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-1214

MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1214

MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...