11 matches found
Xerte Online Toolkits Arbitrary File Upload - Upload Image
This module exploits the user template file import function's unrestricted file upload in versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is "Db". OPSEC - if the user is logged...
EUVD-2020-30904
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
CVE-2011-10004 reciply Plugin uploadImage.php unrestricted upload
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to...
CVE-2011-10004 reciply Plugin uploadImage.php unrestricted upload
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to...
K49580002: BIG-IP file validation vulnerability CVE-2015-8021
Security Advisory Description: The BIG-IP Configuration utility may not properly validate file type or contents where uploaded files are allowed in the Access Policy Manager configuration section uploadImage.php. CVE-2015-8021. Impact: An authenticated attacker could upload files to the BIG-IP syste...
Design/Logic Flaw
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
Design/Logic Flaw
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...
CVE-2017-11760
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...
PHP Product Designer Script - Arbitrary File Upload
Exploit Title: PHP Product Designer Script - Arbitrary File Upload; Google Dork: N/A; Date: 30.01.2017; Vendor Homepage: https://codecanyon.net/item/php-product-designer/19334412; Software Buy: https://codecanyon.net/item/php-product-designer/19334412; Demo:...
Design/Logic Flaw
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0...
eLitius 1.0 Remote Command Execution Exploit
Exploit for unknown platform in category web applications. eLitius 1.0 Remote Command Execution Exploit. eLitius v1.0 Remote Comma...