
2126 matches found

Positive Technologies
added 2023/08/11 12:0 a.m. · 4 views

PT-2023-11806 · Unknown · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1. Description: The issue allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module. This can be achieved by uploading a specifically designed file to th...

CVSS 9.8 · AI score 9.7 · EPSS 0.0094
Exploits: 1 · References: 6

Kitploit
added 2023/08/05 2:49 p.m. · 97 views

Upload_Bypass - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques Covered In Hacktricks

UploadBypass is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications. Simplifies the...

AI score 7.4
Exploits: 0 · References: 1

Packet Storm
added 2023/07/25 12:0 a.m. · 335 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

CVSS 9.8 · AI score 7.1 · EPSS 0.3962
Exploits: 8

CISA
added 2023/07/20 12:0 p.m. · 8 views

CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability...

CVSS 9.8 · AI score 8.4 · EPSS 0.99445
Exploits: 16 · References: 5

OSV
added 2023/07/18 6:15 p.m. · 2 views

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

CVSS 8.8 · AI score 5.8 · EPSS 0.0081
Exploits: 1 · References: 2

NVD
added 2023/07/18 6:15 p.m. · 14 views

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

CVSS 8.8 · EPSS 0.0081
Exploits: 1 · References: 2

Prion
added 2023/07/18 6:15 p.m. · 15 views

Design/Logic Flaw

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

CVSS 6.5 · AI score 8.6 · EPSS 0.0081
Exploits: 1 · References: 2 · Affected Software: 3

Rapid7 Blog
added 2023/07/18 3:28 p.m. · 151 views

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

On Tuesday, July 18, Citrix published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Of the three vulnerabilities, CVE-2023-3519 is the most severe—successful exploitation allows unauthenticated attackers to execute code remotely on...

CVSS 7.5 · AI score 9.6 · EPSS 0.99445
Exploits: 16

CVE
added 2023/07/18 12:0 a.m. · 34 views

CVE-2020-22159

EVERTZ CVE-2020-22159 affects EVERTZ 3080IPX (exe-guest-v1.2-r26125), 7801FC (1.3 Build 27), and 7890IXG (V494). The flaw is an Arbitrary File Upload allowing an authenticated attacker to upload a webshell or overwrite critical system files. Exploitation context and impact are documented in multi...

CVSS 8.8 · AI score 8.6 · EPSS 0.0081
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/07/18 12:0 a.m. · 20 views

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

AI score 6.9 · EPSS 0.0081
Exploits: 1 · References: 2

CNNVD
added 2023/07/18 12:0 a.m. · 3 views

EVERTZ 3080IPX Code Issue Vulnerability

EVERTZ 3080IPX is a web-based broadcast distribution solution from EVERTZ Corporation. A security vulnerability exists in the EVERTZ 3080IPX that stems from an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload a webshell or overwrite arbitrary system files...

CVSS 8.8 · AI score 8.1 · EPSS 0.0081
Exploits: 1 · References: 3

Cvelist
added 2023/07/18 12:0 a.m. · 19 views

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

AI score 8.7 · EPSS 0.0081
Exploits: 1 · References: 2

Positive Technologies
added 2023/07/11 12:0 a.m. · 4 views

PT-2023-3967 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier. Description: The issue is related to a Deserialization of Untrusted Data vulnerability, which could result in Arbitrary code execution...

CVSS 10 · AI score 9.6 · EPSS 0.99984
Exploits: 0 · References: 35

GithubExploit
added 2023/07/10 8:54 p.m. · 842 views

Exploit for CVE-2023-2255

CVE-2023-2255 CVE-2023-2255 RCE & load of external resources...

CVSS 5.3 · AI score 7 · EPSS 0.02244
Exploits: 2

ATTACKERKB
added 2023/06/11 8:55 a.m. · 1 view

CVE-2023-28699

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...

CVSS 8.8 · AI score 6.1 · EPSS 0.00863
Exploits: 0 · References: 2 · Affected Software: 1

Metasploit
added 2023/06/10 7:49 p.m. · 329 views

TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution

This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...

AI score 9.1
Exploits: 0

GithubExploit
added 2023/06/08 9:20 a.m. · 339 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Mgt-Commerce Cloudpanel

CVE-2023-35885 Cloudpanel 0-day Exploit Author: @EagleTube, @...

CVSS 9.8 · AI score 9.6 · EPSS 0.75315
Exploits: 3

Malwarebytes
added 2023/06/02 3:0 p.m. · 15 views

Update now! MOVEit Transfer vulnerability actively exploited

On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer. The security bulletin states: "a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized...

AI score 7.9
Exploits: 0

OSV
added 2023/06/02 11:15 a.m. · 4 views

CVE-2023-28699

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...

CVSS 8.8 · AI score 7.4 · EPSS 0.00863
Exploits: 0 · References: 1

NVD
added 2023/06/02 11:15 a.m. · 16 views

CVE-2023-28699

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...

CVSS 8.8 · AI score 8.8 · EPSS 0.00863
Exploits: 0 · References: 1