897 matches found
CVE-2021-26809
CVE-2021-26809 affects PHPGurukul Car Rental Project version 2.0. The vulnerability is a remote shell upload in changeimage1.php, enabling an attacker to upload arbitrary code and potentially take control of the system. Practical impact is remote code execution with high severity. Remediation/mit...
PT-2021-17143 · Unknown · Phpgurukul Car Rental Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 2.0 Description: The issue is related to a remote shell upload vulnerability. This vulnerability is present in the changeimage1.php file, allowing for potential malicious activity. Recommendations: For...
Phpgurukul PHPGurukul Car Rental Projec Code Issue Vulnerability
Phpgurukul PHPGurukul Car Rental Projec is an application of the American company PHPGurukul Car Rental Projec Phpgurukul. It provides car rental services. A code issue vulnerability exists in PHPGurukul Car Rental Project version 2.0, which stems from a remote shell upload vulnerability in...
DeathStalker APT Spices Things Up with PowerPepper Malware
The DeathStalker advanced persistent threat APT group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal sectors, according to...
CVE-2020-29379
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...
Code Projects Artworks Gallery Code Issues Vulnerabilities
Code Projects Artworks Gallery is an online artwork management builder system organized by Code Projects. A security vulnerability exists in Artworks Gallery version 1.0 that stems from multiple remote shell upload vulnerabilities...
Malicious Package
plutov-slack-client is a malicious package. The package opens a shell to a remote server when installed...
Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.
VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...
AutoRDPwn v5.1 - The Shadow Attack Framework
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it on...
Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands
Summary The Nextcloud Talk app allows system administrators to setup chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
CyberArk PSMP 10.9.1 - Policy Restriction Bypass Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Poli...
Centreon Poller Authenticated Remote Command Execution Exploit
This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the...
Centreon Poller Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q An authenticated user with sufficient administrative rights to manage...
Cumulative Update 27 for Microsoft Dynamics NAV 2018 (Build 41203)
Cumulative Update 27 for Microsoft Dynamics NAV 2018 Build 41203 This article applies to Microsoft Dynamics NAV 2018 for all countries and all language locales.A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
Improper access control
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
The CVE-2019-5162 issue affects Moxa AWK-3131A firmware v1.13 (iw_webs account settings). A crafted username can overwrite an existing user password, allowing remote shell access as that user when authenticated as a low-privilege user. Talos reports this as an exploitable improper access control ...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...