260 matches found

NVD
added 2026/03/24 3:16 p.m. | 2 views

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...

CVSS 6.5 | EPSS 0.00059
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:30 p.m. | 8 views

CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands. The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

CVSS 10 | AI score 7.8 | EPSS 0.58628
Exploits: 1 | References: 1

Packet Storm
added 2023/11/14 12:00 a.m. | 672 views

MagnusBilling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...

CVSS 9.8 | AI score 6.9 | EPSS 0.93709
Exploits: 15

Metasploit
added 2023/11/04 7:50 p.m. | 307 views

MagnusBilling application unauthenticated Remote Command Execution.

A Command Injection vulnerability in MagnusBilling application 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec. The parameter to exec includes the GET paramete...

CVSS 9.8 | AI score 9.9 | EPSS 0.93709
Exploits: 15

Packet Storm
added 2023/03/28 12:00 a.m. | 209 views

iBooking 1.0.8 Remote Shell Upload

Exploit Title: iBooking v1.0.8 - Arbitrary File Upload Exploit Author: d1z1n370/oPty Date: 01/11/2022 Vendor Homepage: https://codecanyon.net/item/ibooking-laravel-booking-system/30362088 Tested on: Linux Version: 1.0.8 Exploit Description: The application is prone to an arbitrary file-upload...

AI score 6.8
Exploits: 0

Exploit DB
added 2023/03/28 12:00 a.m. | 134 views

iBooking v1.0.8 - Arbitrary File Upload

Exploit Title: iBooking v1.0.8 - Arbitrary File Upload Exploit Author: d1z1n370/oPty Date: 01/11/2022 Vendor Homepage: https://codecanyon.net/item/ibooking-laravel-booking-system/30362088 Tested on: Linux Version: 1.0.8 Exploit Description: The application is prone to an arbitrary file-upload...

AI score 7.4
Exploits: 0

OSV
added 2022/05/13 1:06 a.m. | 12 views

GHSA-44P8-C3WV-F28R Directory Traversal in Studio 42 elFinder

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...

CVSS 9.1 | AI score 9.2 | EPSS 0.00847
Exploits: 0 | References: 4

OSV
added 2022/05/13 1:06 a.m. | 12 views

GHSA-45X3-MW7Q-WF7F elFinder Path Traversal vulnerability

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process...

CVSS 9.1 | AI score 9 | EPSS 0.00847
Exploits: 0 | References: 5

Zero Day Initiative
added 2022/02/15 12:00 a.m. | 51 views

Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of charts. Tampering with client-side data can trigger the...

CVSS 8.8 | AI score 8.8 | EPSS 0.05375
Exploits: 0 | References: 1

0day.today
added 2021/09/23 12:00 a.m. | 177 views

Police Crime Record Management Project 1.0 - Time Based SQL injection Vulnerability

Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Tested on: Linux Version: 1.0 Exploit Description: The application is prone to an arbitrary...

Exploits: 0

Exploit DB
added 2021/09/23 12:00 a.m. | 206 views

Police Crime Record Management Project 1.0 - Time Based SQLi

Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi Exploit Author: t//\1 Date: 23/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Tested on: Linux Version: 1.0 Exploit Description: The application is prone to an...

AI score 7.4
Exploits: 0

NVD
added 2021/07/09 2:15 p.m. | 20 views

CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands. The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

CVSS 10 | EPSS 0.58628
Exploits: 1 | References: 4

CVE
added 2021/07/09 1:19 p.m. | 220 views

CVE-2021-30118

CVE-2021-30118 affects Kaseya VSA (RMM) prior to 9.5.7, via unauthenticated arbitrary file upload in the web UI path /SystemTab/uploader.aspx. The request can write files with arbitrary content to locations the web server can access (e.g., webroot) and, if code (ASPX) is uploaded, execute it in t...

CVSS 10 | AI score 8.9 | EPSS 0.58628
In wild | Exploits: 1 | References: 4 | Affected Software: 1

Hacker One
added 2021/01/19 9:18 p.m. | 6 views

ImpressCMS: Arbitrary File Deletion via Path Traversal in image-edit.php

Summary: The vulnerability is located in the /libraries/image-editor/image-edit.php script: 161. if @copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $simage-getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. el...

AI score 1
Exploits: 0

Zero Day Initiative
added 2020/07/16 12:00 a.m. | 42 views

Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.PerformancePoint.Scorecards.Client...

CVSS 8.8 | AI score 3.2 | EPSS 0.31155
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/05/12 12:00 a.m. | 39 views

Microsoft SharePoint Shared Forms Incomplete Blacklist Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to invoke a shared form in a way that allo...

CVSS 8.8 | AI score 3.8 | EPSS 0.3385
Exploits: 0 | References: 1

Veracode
added 2019/10/31 2:21 a.m. | 19 views

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting (XSS). An administrative user is able to edit the state of objects in the metadata database to contain malicious Javascript, which will execute in a victim's browser when rendered. This vulnerability also allows reading of arbitrary files permitte...

CVSS 4.8 | AI score 2.5 | EPSS 0.00745
Exploits: 0 | References: 5 | Affected Software: 1

PyPA
added 2019/10/30 10:15 p.m. | 4 views

PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVSS 4.8 | AI score 7.3 | EPSS 0.00745
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/02/05 6:00 p.m. | 16 views

CVE-2018-18990

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process...

AI score 5 | EPSS 0.04258
Exploits: 0 | References: 2

CNVD
added 2019/01/17 12:00 a.m. | 3 views

LCDS LAquis SCADA Path Traversal Vulnerability

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. A path traversal vulnerability in LCDS LAquis SCADA version 4.1.0.3870, whic...

CVSS 5.3 | AI score 6.5 | EPSS 0.04258
Exploits: 0 | References: 1