Immunity Canvas: JQUERY_FILE_UPLOAD

Name| jqueryfileupload ---|--- CVE| CVE-2018-9206 Exploit Pack| CANVAS Description| Blueimp jQuery-File-Upload Arbitrary Upload Notes| CVE Name: CVE-2018-9206 VENDOR: Notes: The exploit tests different paths on the target server Repeatability: Infinite References:...

Swim Team <= v1.44.10777 - Local File Inclusion

The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input from downloading sensitive system files. PoC $ curl "http://www.vapidlabs.com/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd=/etc/passwd=text/html=1=/usr/share/wordpress"...

Two vulnerabilities for PatchLink Update Client for Unix.

PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: “PatchLink Update™ provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...

SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber

!/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurly. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to watch the process list for the catman process, get the pid and Creat...