
68 matches found

Cvelist
added 2020/02/11 11:41 p.m. | 12 views

CVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests...

AI score: 8 | EPSS: 0.01679
Exploits: 0 | References: 3
Hacker One
added 2019/01/29 8:30 a.m. | 91 views

RATELIMITED: HTTP PUT method is enabled ratelimited.me

Found on HTTP PUT sites enabled on web servers. I tried testing to write the file / codelayer137.txt uploaded to the server using the PUT verb, and the contents of the file were then taken using the GET verb. The following is POC Request: PUT /codeslayer137.txt HTTP/1.1 Host: ratelimited.me...

AI score: 0.1
Exploits: 0
Hacker One
added 2018/12/11 7:13 p.m. | 79 views

RATELIMITED: HTTP PUT method enabled

Hi security team, Summary: It is possible to upload files to the server using the PUT method Steps To Reproduce: I used the following request: PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close Now a file exists at https://ratelimited.me/emitrani.txt with content...

Exploits: 0
Hacker One
added 2018/11/29 2:55 p.m. | 24 views

Vimeo: Possibility to overwrite any file in the vpe.cdn.vimeo.tv leads to the Stored XSS for the all customers on the embed.vhx.tv

By modifying the Content-Type to be blank, during a PUT command, the researcher was able to upload files to the CDN. This has been resolved. It was possible to write and overwrite arbitrary files to the CDN vpe.cdn.vimeo.tv used for JS scripts delivery on the various in-scope assets using the PUT...

AI score: 0.5
Exploits: 0
Cvelist
added 2018/08/08 12:00 a.m. | 14 views

CVE-2018-15137

CeLa Link CLR-M20 devices allow unauthorized users to upload any file e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml, which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method...

AI score: 9.8 | EPSS: 0.18195
Exploits: 0 | References: 2
exploitpack
added 2018/07/13 12:00 a.m. | 13 views

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Date: 2018-07-13 Shodan Dork: CLR-M20 Exploit Author: Safak Aslan Software Link: http://www.celalink.com Version: 2.7.1.6 CVE: 2018-15137 Authentication Required: No Tested on: Windo...

AI score: 7.4
Exploits: 0
Prion
added 2018/06/22 2:29 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests...

CVSS: 5 | AI score: 9.3 | EPSS: 0.01479
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2018/06/21 3:57 p.m. | 10 views

RATELIMITED: HTTP PUT method enabled

Hi security team, Summary: It is possible to upload files to the server using the PUT method Steps To Reproduce: 1. I used the following request: PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close emitrani POC Now a file exists at...

AI score: 7.2
Exploits: 0
exploitpack
added 2018/05/21 12:00 a.m. | 26 views

GitBucket 4.23.1 - Remote Code Execution

GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

Exploits: 0
Dsquare
added 2018/02/10 12:00 a.m. | 676 views

Apache Tomcat for Windows HTTP PUT Method File Upload

File upload vulnerability in Apache Tomcat for Windows HTTP PUT method Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.99988
Exploits: 22
Zero Science Lab
added 2017/12/27 12:00 a.m. | 74 views

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01039
Exploits: 2
RedHat Linux
added 2017/10/30 12:15 a.m. | 15 views

tomcat: Remote Code Execution via JSP Upload

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.99607
Exploits: 17 | References: 6
Saint
added 2017/10/13 12:00 a.m. | 527 views

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

AI score: 8.4
Exploits: 0
Saint
added 2017/10/13 12:00 a.m. | 540 views

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

AI score: 7.9
Exploits: 0
Saint
added 2017/10/13 12:00 a.m. | 21 views

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

AI score: 8.4
Exploits: 0
Vulnrichment
added 2017/10/03 3:00 p.m. | 27 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

AI score: 7.3 | EPSS: 0.99988
Exploits: 22 | References: 44
seebug.org
added 2017/07/04 12:00 a.m. | 233 views

Apache ActiveMQ Fileserver remote code execution vulnerability (CVE-2016-3088)

Author: The know Chong Yu 404 laboratory 1. Background overview ActiveMQ is open source message-driven middleware from the Apache Software Foundation. Jetty is an open source servlet container, it is based on Java web container such as JSP and servlet to provide the running...

CVSS: 7.5 | AI score: 10 | EPSS: 0.98518
Exploits: 19
Tenable Nessus
added 2017/03/31 12:00 a.m. | 12 views

Publicly writable directory

There are various methods in which a file or files may be uploaded to a webserver. One method that can be used is the HTTP PUT method. The PUT method is mainly used during development of applications and allows developers to upload or put files on the server within the web root. By nature of the...

AI score: 7.6
Exploits: 0 | References: 1
Zero Day Initiative
added 2015/04/29 12:00 a.m. | 34 views

Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is...

CVSS: 10 | AI score: 7.4 | EPSS: 0.10308
Exploits: 2 | References: 1
seebug.org
added 2013/07/10 12:00 a.m. | 9 views

IIS PUT arbitrary file creation vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0