CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

CVE-2024-4306

CVE-2024-4306 affects HubBank version 1.0.2 and is a critical unrestricted file upload vulnerability. A registered user can upload malicious PHP files through upload document fields, enabling webshell execution on the server. The connected PT-2024-30276 advisory corroborates a high-severity, clie...

HubBank 代码问题漏洞

HubBank is an application from HubBank, Inc. A code issue vulnerability exists in HubBank version 1.0.2 that originates from allowing registered users to upload a malicious PHP file via the upload document field, which can lead to webshell execution...

BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...

CVE-2024-3705

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3705

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3705

CVE-2024-3705 affects OpenGnsys 1.1.1d (Espeto). The flaw is an unrestricted file upload via POST to /opengnsys/images/M_Icons.php due to missing file-extension verification, enabling potential webshell injection with high impact (C:H/I:H/A:H). Documents confirm the vulnerable component and root ...

OpenGnsys 代码问题漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A code issue vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from an unlimited file upload vulnerability that allows an attacker to send a POST request to modify a file...

PT-2024-27265 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...

WordPress Travelscape Theme 1.0.3 Arbitrary File Upload

Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Date: 2024-04-01 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...

Artica Proxy Unauthenticated PHP Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica Proxy Unauthenticated PHP Deserialization Vulnerability', 'Description' = %q A Command Injection vulnerability in Artica Proxy appliance...

Craft CMS 4.4.14 Remote Code Execution

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Date: 2023-12-26 Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on:...

Wallos < 1.11.2 - File Upload RCE

Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: [email protected] Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: 1.11.2 Tested on: Debian 12 Wallos allows you to upload an image/logo when you create...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Date: 2023-12-26 Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on:...

CVE-2024-2599

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...

CVE-2024-2599

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...