7206 matches found
FOGProject 1.5.9 - File Upload Remote Code Execution (Authenticated) Vulnerability
Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Exploit Author: email protected Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file. dd...
GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution
Exploit Title: GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Date: April 22nd, 2021 Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against...
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit
Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against Server Host: Windows 10 P...
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) Exploit (2)
Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host: Linux+XAMPP import...
Command Execution Vulnerability in PbootCMS of Hunan Aoyun Network Technology Co. Ltd (CNVD-2021-32163)
PbootCMS is an open source and free PHP enterprise web development and construction management system. Hunan Avion Network Technology Co., Ltd PbootCMS has a command execution vulnerability that can be exploited by attackers to execute arbitrary PHP code and gain server privileges...
Command Execution Vulnerability in PbootCMS of Hunan Aoyun Network Technology Co. Ltd (CNVD-2021-30915)
PbootCMS is an open source and free PHP enterprise web development and construction management system. Hunan Avion Network Technology Co., Ltd PbootCMS has a command execution vulnerability that can be exploited by attackers to execute arbitrary PHP code and gain server privileges...
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to Remote Code Execution Exploit
Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor: NetExplorer Version: = v1.1.1...
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Exploit Title: GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Date: April 15th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor:...
GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery
Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Date: 15/04/2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor: NetExplorer...
A week in security (March 29 – April 4)
Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic...
Invigo Automatic Device Management Command Injection Vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A command injection vulnerability exists in /admin/broadcast.php in Invigo Automat...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
Command injection
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
PT-2021-9155 · Invigo · Invigo Automatic Device Management
Name of the Vulnerable Software and Affected Versions: Invigo Automatic Device Management ADM versions through 5.0 Description: A command injection issue in the /admin/broadcast.php script allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the...
Invigo Automatic Device Management Command Injection Vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A command injection vulnerability exists in /admin/broadcast.php in Invigo Automat...
ExpressionEngine 6.0.2 PHP Code Injection Vulnerability
---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...