40 matches found
PT-2023-20333 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS affected versions not specified Description: The issue concerns an authenticated remote code execution RCE vulnerability through the "albums" module. This module allows the creation of image collections that can be inserted into web...
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...
Nagios XI Autodiscovery Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...
Nagios XI Autodiscovery Webshell Upload
This module exploits a path traversal issue in Nagios XI before version 5.8.5 CVE-2021-37343. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...
CVE-2020-23828
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution RCE on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
Unrestricted file upload
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution RCE on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
CVE-2020-23934
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
CVE-2020-23934
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32914)
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Manager feature in Artica Pandora FMS version 7.44. An attacker can exploit...
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...
Job Portal 1.0 Shell Upload
Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...
Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...
CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
Design/Logic Flaw
DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
CVE-2017-9442
BigTree CMS (versions up to 4.2.18) is affected by CVE-2017-9442. Remote authenticated users can execute arbitrary code by uploading a crafted package containing a PHP web shell, via ZIP extraction to file name patterns under cache/package/xxx/yyy.php. The issue exists in core/admin/modules/devel...
CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
PT-2017-18924 · Bigtree · Bigtree Cms
Name of the Vulnerable Software and Affected Versions: BigTree CMS versions 4.2.18 and earlier Description: The issue allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell. This is related to the extraction of a ZIP archive to filena...
Hacker Installed a Secret Backdoor On Facebook Server to Steal Passwords
How to Hack Facebook? That’s the most commonly asked question during this decade. It’s a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached in...