2118 matches found
CVE-2020-22159
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...
EVERTZ 3080IPX Code Issue Vulnerability
EVERTZ 3080IPX is a web-based broadcast distribution solution from EVERTZ Corporation. A security vulnerability exists in the EVERTZ 3080IPX that stems from an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload a webshell or overwrite arbitrary system files...
CVE-2020-22159
EVERTZ CVE-2020-22159 affects EVERTZ 3080IPX (exe-guest-v1.2-r26125), 7801FC (1.3 Build 27), and 7890IXG (V494). The flaw is an Arbitrary File Upload allowing an authenticated attacker to upload a webshell or overwrite critical system files. Exploitation context and impact are documented in multi...
CVE-2020-22159
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...
PT-2023-3967 · Adobe · ColdFusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier. Description: The issue is related to a Deserialization of Untrusted Data vulnerability, which could result in Arbitrary code execution...
Exploit for CVE-2023-2255
CVE-2023-2255 CVE-2023-2255 RCE & load of external resources...
CVE-2023-28699
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...
Exploit for Reliance on Cookies without Validation and Integrity Checking in Mgt-Commerce Cloudpanel
CVE-2023-35885 Cloudpanel 0-day Exploit Author: @EagleTube, @...
Update now! MOVEit Transfer vulnerability actively exploited
On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer. The security bulletin states: "a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized...
CVE-2023-28699
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
CVE-2023-28699
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
Privilege escalation
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
PT-2023-21914 · Unknown · Wade Graphic Design Fantsy
Name of the Vulnerable Software and Affected Versions: Wade Graphic Design FANTSY, affected versions not specified. Description: The issue is related to insufficient filtering for file type in the file update function. An authenticated remote attacker with general user privilege can exploit this to...
CVE-2023-28699 WADE DIGITAL DESIGN CO, LTD. FANTSY - Arbitrary File Upload
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
Wade Graphic Design FANTSY Code Issue Vulnerability
Wade Graphic Design FANTSY is a digital art application from Wade Graphic Design. A code issue vulnerability exists in Wade Graphic Design FANTSY v2.1.8, which stems from an insufficient file type filtering vulnerability that can be exploited by an authenticated, remote attacker with normal user...
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-33177
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
CVE-2023-33177 Xibo CMS vulnerable to Remote Code Execution through Zip Slip
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
PT-2023-24193 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 2.3.17; Xibo versions prior to 3.3.5. Description: A path traversal vulnerability exists in the Xibo CMS, allowing a specially crafted zip file to be uploaded via the layout import function by an authenticated user. This...