CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

Multiple File Upload Vulnerabilities in CLTPHP Content Management System

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

VulnCheck KEV: CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

DAws - Advanced Web Shell

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Security SystemsIPS, WAFs,etc like Suhosinuses up to 20 php functions just to get a command executed. 2. Drops CGI Shells and communicate with them to bypass Security Systems. 3. Uses the SSH Authorized Key...

DotCMS 4.1.1 Shell Upload

========================== Advisory: DotCMS /servlets/ajaxfileupload Arbitrary File Upload Vulnerability Author: M3@pandas From DBAppSecurity Security Lab Email: [email protected] Affected Version: 4.1.1 the latest version ========================== Vulnerability Description...

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Models: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.02p2-1141 2.77p1-1125 2.77-1115 2.76-9999...

Apache ActiveMQ < 5.14.0 - Web Shell Upload Exploit

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: http://metasploit.com/download Current source:...

Apache ActiveMQ 5.x Web Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...

Fastspot BigTree CMS Arbitrary Code Execution Vulnerability

Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. An arbitrary code execution vulnerability exists in Fastspot BigTree CMS and previous versions 4.2.18. The vulnerability can be exploited by a remote attacker to execute...

ActiveMQ web shell upload

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

Design/Logic Flaw

DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

CVE-2017-9442

BigTree CMS (versions up to 4.2.18) is affected by CVE-2017-9442. Remote authenticated users can execute arbitrary code by uploading a crafted package containing a PHP web shell, via ZIP extraction to file name patterns under cache/package/xxx/yyy.php. The issue exists in core/admin/modules/devel...

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

PT-2017-18924 · Bigtree · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS versions 4.2.18 and earlier Description: The issue allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell. This is related to the extraction of a ZIP archive to filena...

Concrete5 Proof Of Concept Shell Upload

c@kali:/src/napalm2.2/modules$ cat shell-concrete5.py !/usr/bin/env python shell-concrete5.py - module based on previous version created 29.04.2017. Bug 'feature' is exploitable only when you will have a valid credentials. import sys import re import requests target = rawinput"+ Hostname " logMe ...