2177 matches found

exploitpack
added 2020/01/07 12:0 a.m. | 16 views

Job Portal 1.0 - Remote Code Execution

Job Portal 1.0 - Remote Code Execution Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version:...

Exploits: 0

Exploit DB
added 2020/01/07 12:0 a.m. | 259 views

Job Portal 1.0 - Remote Code Execution

Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...

9.8 AI score
Exploits: 0

Packet Storm
added 2020/01/07 12:0 a.m. | 142 views

Job Portal 1.0 Shell Upload

Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...

7.4 AI score
Exploits: 0

OSV
added 2019/10/29 8:15 p.m. | 2 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

8.8 CVSS | 6.2 AI score | 0.01417 EPSS
Exploits: 1 | References: 1

NVD
added 2019/10/29 8:15 p.m. | 14 views

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

9 CVSS | 8.9 AI score | 0.0023 EPSS
Exploits: 1 | References: 1

Prion
added 2019/10/29 8:15 p.m. | 7 views

Design/Logic Flaw

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

6.5 CVSS | 9 AI score | 0.01417 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/10/29 8:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

9 CVSS | 8.9 AI score | 0.0023 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/29 7:36 p.m. | 18 views

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

8.9 AI score | 0.0023 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/10/29 7:35 p.m. | 14 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

9 AI score | 0.01417 EPSS
Exploits: 1 | References: 1

ThreatPost
added 2019/10/04 2:36 p.m. | 135 views

Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier

LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...

0.1 AI score
Exploits: 0 | References: 4

CNVD
added 2019/09/19 12:0 a.m. | 2 views

Command Execution Vulnerability in Fiserv Patrol au***.php File

Fisheye Web Patrol is an IT operations and maintenance management system. A command execution vulnerability exists in the Feith Web Patrol au.php file. An attacker can exploit the vulnerability to obtain the host webshell...

7.2 AI score
Exploits: 0

ThreatPost
added 2019/08/28 9:57 p.m. | 51 views

Elderly China Chopper Tool Still Going Strong in Multiple Campaigns

A nine-year-old web shell used for providing remote access to web servers for cyberattackers is staying very active despite its advanced age in cyber-years, anyway. Researchers said they’ve spotted it being used in several recent campaigns – all with disparate goals. The tool, known as China...

0.1 AI score
Exploits: 0 | References: 2

Talos Blog
added 2019/08/27 8:14 a.m. | 628 views

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a web shell that allows...

7.2 CVSS | 0.90442 EPSS
Exploits: 55

OSV
added 2019/07/26 9:15 p.m. | 3 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

8.8 CVSS | 7.7 AI score
Exploits: 0 | References: 3

CNVD
added 2019/07/04 12:0 a.m. | 2 views

EBK BKS Buskoppler Remote Code Execution Vulnerability

The BKS EBK Ethernet-Buskoppler Pro is an Ethernet bus coupler. A code issue vulnerability exists in BKS EBK Ethernet-Buskoppler Pro versions prior to 3.01. An attacker can exploit this vulnerability to overwrite a file under the web root path and run the added web shell...

10 CVSS | 7.1 AI score | 0.00715 EPSS
Exploits: 3 | References: 1

0day.today
added 2019/07/03 12:0 a.m. | 204 views

BKS EBK Ethernet-Buskoppler Pro Shell Upload Vulnerability

BKS EBK Ethernet-Buskoppler Pro versions prior to 3.01 suffer from a remote shell upload vulnerability. Product: BKS EBK Ethernet-Buskoppler Pro Manufacturer: BKS GmbH Affected Versions: 3.01 Vulnerability Type: Unrestricted Upload of File with Dangerous Type CWE-434 Risk Level: High Solution...

0.2 AI score | 0.00715 EPSS
Exploits: 3

NVD
added 2019/05/23 4:29 p.m. | 11 views

CVE-2017-11561

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell...

6.5 CVSS | 6.4 AI score | 0.00801 EPSS
Exploits: 1 | References: 3

OSV
added 2019/05/23 4:29 p.m. | 1 views

CVE-2017-11561

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell...

6.5 CVSS | 5.8 AI score | 0.00801 EPSS
Exploits: 1 | References: 3

Prion
added 2019/05/23 4:29 p.m. | 22 views

Design/Logic Flaw

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell...

4 CVSS | 6.4 AI score | 0.00801 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2019/05/23 3:32 p.m. | 55 views

CVE-2017-11561

CVE-2017-11561 affects ZOHO ManageEngine OpManager 12.2. An authenticated user can upload arbitrary files in the Group Chat or Alarm sections, enabling potential web shells. The vulnerability arises from insecure file upload handling, allowing an attacker to upload executable content. Public desc...

6.5 CVSS | 6.3 AI score | 0.00801 EPSS
Exploits: 1 | References: 3 | Affected Software: 1