
1368 matches found

OSV
added 2022/01/11 8:15 p.m., 3 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

CVSS 6.5, AI score 6, EPSS 0.01465
Exploits: 0, References: 3
CNNVD
added 2022/01/11 12:00 a.m., 3 views

Sysaid Technologies SysAid Security Vulnerability

Sysaid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability exists in SysAid ITIL, which could be exploited by an attacker to copy arbitrary files on the server file system to the Web root via the HTTP...

CVSS 6.8, AI score 5.9, EPSS 0.01465
Exploits: 0, References: 4
0day.today
added 2022/01/05 12:00 a.m., 237 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse.. 4. Upload any fi...

AI score 0.6
Exploits: 0
Packet Storm
added 2022/01/05 12:00 a.m., 489 views

RiteCMS 3.1.0 Arbitrary File Overwrite

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...

AI score 0.5
Exploits: 0
0day.today
added 2022/01/05 12:00 a.m., 197 views

RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0 Google Dork:...

AI score 0.3
Exploits: 0
Packet Storm
added 2022/01/05 12:00 a.m., 922 views

RiteCMS 3.1.0 Arbitrary File Deletion

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...

AI score 0.2
Exploits: 0
OSV
added 2022/01/03 10:15 p.m., 1 view

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

CVSS 4.3, AI score 5.8, EPSS 0.01116
Exploits: 1, References: 1
OpenVAS
added 2021/12/11 12:00 a.m., 21 views

Apache Log4j 2.0.x Multiple Vulnerabilities (HTTP Web Root, Log4Shell) - Active Check

Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 10, AI score 6.9, EPSS 0.99999
Exploits: 348, References: 19
Prion
added 2021/10/22 7:15 p.m., 20 views

Remote code execution

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were...

CVSS 9, AI score 9.2, EPSS 0.64094
Exploits: 11, References: 5, Affected Software: 1
CNNVD
added 2021/10/22 12:00 a.m., 10 views

SuiteCRM Code Issue Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM prior to 7.11.19 that allows remote code execution via the system settings log file name. An attacker can exploit the vulnerability...

CVSS 9, AI score 8.7, EPSS 0.58945
Exploits: 5, References: 8
GithubExploit
added 2021/10/13 5:03 p.m., 243 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

SimplesApachePathTraversal Simples Apache Path Tr...

CVSS 9.8, AI score 9.4, EPSS 0.99992
Exploits: 182
CNVD
added 2021/08/26 12:00 a.m., 24 views

F5 BIG-IP TMUI Unauthorized Access Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP TMUI Unauthorized Access vulnerability can be exploited by an authenticated attacker by sending a crafted reque...

CVSS 6.5, AI score 3.6, EPSS 0.0193
Exploits: 0, References: 1
CNNVD
added 2021/08/24 12:00 a.m., 4 views

F5 BIG-IP Path Traversal Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP TMUI Unauthorized Access vulnerability can be exploited by an authenticated attacker by sending a crafted reque...

CVSS 6.5, AI score 5.9, EPSS 0.0193
Exploits: 0, References: 4
Snyk
added 2021/08/20 12:14 p.m., 3 views

Directory Traversal

Overview: elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Directory Traversal. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path, it is possible to...

CVSS 9.8, AI score 7.5, EPSS 0.01616
Exploits: 0, References: 2
OSV
added 2021/08/03 6:15 p.m., 2 views

CVE-2021-27942

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...

CVSS 6.8, AI score 6.1, EPSS 0.00447
Exploits: 1, References: 1
Prion
added 2021/08/03 6:15 p.m., 11 views

Code injection

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...

CVSS 7.2, AI score 7, EPSS 0.00447
Exploits: 1, References: 1, Affected Software: 2
CNNVD
added 2021/08/03 12:00 a.m., 10 views

Vizio P65-F1 Security Vulnerability

The Vizio P65-F1 is a display from Vizio, Inc. A security vulnerability exists in the Vizio P65-F1 version 6.0.31.4-2 and the E50x-E1 version 10.0.31.4-2, in which the device allows a threat actor to execute arbitrary code from a USB drive via the Smart Cast feature, as files on the US...

CVSS 7.2, AI score 7.2, EPSS 0.00447
Exploits: 1, References: 2
Packet Storm
added 2021/07/26 12:00 a.m., 348 views

XOS Shop 1.0.9 Arbitrary File Deletion

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...

AI score 0.2
Exploits: 0
CNVD
added 2021/07/09 12:00 a.m., 14 views

WordPress Media File Organizer plugin directory traversal vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in version 1.0.1 of the Media File Organizer plugin for...

CVSS 8.6, AI score 8.7, EPSS 0.01998
Exploits: 0, References: 1
OSV
added 2021/07/07 2:15 p.m., 4 views

CVE-2020-24143

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

CVSS 7.5, AI score 7.1, EPSS 0.01967
Exploits: 0, References: 1