2126 matches found
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
Design/Logic Flaw
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
Sentrifugo 3.2 File Upload Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabilities were found in...
Sentrifugo 3.2 - File Upload Restriction Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabiliti...
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload...
Sentrifugo 3.2 - File Upload Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabilities were found in...
GAME OVER: Detecting and Stopping an APT41 Operation
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is...
Far Autumn Medical Training Enrollment System v1.0 File Upload Vulnerability in Frontend
Far Autumn Medical Online Examination System adopts the universal test bank management software, applicable to all levels and types of medical schools and hospitals, the content contains the three basic exams for medical and nursing personnel, title exams, licensing exams, academic exams, trainin...
File Upload Vulnerability in Far Autumn Medical Training Enrollment System v1.0
Far Autumn Medical Online Examination System adopts the universal test bank management software, applicable to all levels and types of medical schools and hospitals, the content contains the three basic exams for medical and nursing personnel, title exams, licensing exams, academic exams, trainin...
File upload vulnerability in Qibo CMS gl***.php file
Qibo CMS system is a content management system under Guangzhou Qibo Network Technology Co. A file upload vulnerability exists in the gl.php file of the Qibo CMS system. It allows an attacker to upload a webshell and gain server privileges...
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...
CloudBees Jenkins Arbitrary Arbitrary File Upload Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Dependency Graph Viewer Plugin is used in...
File Upload Vulnerability in ShopXO v1.5.0
ShopXO is an open source enterprise-level open source e-commerce system. A file upload vulnerability exists in ShopXO v1.5.0. Allows attackers to upload webshell and gain server privileges...
File Upload Vulnerability in Website Management System of Kunshan Unicom Technology
Kunshan U-Net Information Technology Co., Ltd. is a website design company that integrates website construction with visual design development and brand online marketing promotion. A file upload vulnerability exists in the website management system of Kunshan YouNET Technology. An attacker can us...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
Design/Logic Flaw
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...