WPN-XM Serverstack Security Vulnerability

WPN-XM Serverstack is a server stack from the WPN-XM organization for developing PHP on Windows. A security vulnerability exists in WPN-XM Serverstack version 0.8.6, which stems from the presence of a local file inclusion vulnerability that could result in loading PHP files on the server, which...

CVE-2022-47893

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root...

Remote code execution

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root...

CVE-2022-47893

CVE-2022-47893 : The provided documents describe a remote code execution vulnerability affecting NetMan 204 where an attacker could upload a firmware file containing a webshell to execute arbitrary code as root. Core details: affected product NetMan 204 ; vulnerability via firmware upload; impact...

PT-2023-15521 · Unknown · Netman 204

Name of the Vulnerable Software and Affected Versions: NetMan 204 affected versions not specified Description: The issue is a remote code execution vulnerability. A remote attacker could upload a firmware file containing a webshell, allowing them to execute arbitrary code as root. Recommendations...

SolarView Compact 6.00 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarView Compact unauthenticated remote command execution vulnerability.', 'Description' = %q CONTEC's SolarView™ Series enables you to monitor...

bloofoxCMS File Upload Vulnerability (CNVD-2023-64046)

bloofoxCMS is Bloofox bloofoxCMS individual developers of a Php-based text content management system. A file upload vulnerability exists in bloofoxCMS version 0.5.2.1, which stems from the application's lack of valid validation of uploaded files. The vulnerability can be exploited to execute...

CVE-2020-36082

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module...

Unrestricted file upload

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module...

CVE-2020-36082

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module...

CVE-2020-36082

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module...

bloofoxCMS 代码问题漏洞

bloofoxCMS is Bloofox bloofoxCMS individual developers of a Php-based text content management system. A file upload vulnerability exists in bloofoxCMS version 0.5.2.1, which stems from the application's lack of valid validation of uploaded files. The vulnerability can be exploited to execute...

PT-2023-11806 · Unknown · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module. This can be achieved by uploading a specifically designed file to th...

Upload_Bypass - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques Covered In Hacktricks

UploadBypass is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications. Simplifies the...

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

The Cybersecurity and Infrastructure Security Agency CISA released a Cybersecurity Advisory CSA, Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution RCE vulnerability...

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

Design/Logic Flaw

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

On Tuesday, July 18, Citrix published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Of the three vulnerabilities, CVE-2023-3519 is the most severe—successful exploitation allows unauthenticated attackers to execute code remotely on...