Xfilesharing 2.5.1 - Arbitrary File Upload

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload.This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. id: CVE-2019-18952 info: name: Xfilesharing 2.5.1 - Arbitrary File Upload...

CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

CVE-2019-18951

SibSoft Xfilesharing through 2.5.1 allows op=page=../ directory traversal to read arbitrary files...

VulnCheck KEV: CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

Xfilesharing 2.5.1 - Arbitrary File Upload

Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local File Inclusion...

SibSoft Xfilesharing Directory Traversal Vulnerability

SibSoft Xfilesharing is a file sharing solution from the Russian company SibSoft. A directory traversal vulnerability exists in SibSoft Xfilesharing. The vulnerability stems from a failure of a networked system or product to properly filter for specific elements in a resource or file path. An...

Xfilesharing 2.5.1 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local...

Xfilesharing 2.5.1 - Arbitrary File Upload

Xfilesharing 2.5.1 - Arbitrary File Upload Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php...

Xfilesharing 2.5.1 Local File Inclusion / Shell Upload

Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local File Inclusion...

SibSoft Xfilesharing File Upload Vulnerability

SibSoft Xfilesharing is a file sharing solution from the Russian company SibSoft. A file upload vulnerability exists in SibSoft Xfilesharing. An attacker can exploit this vulnerability to achieve remote code execution...

CVE-2019-18951

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files...

CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

CVE-2019-18951

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files...

CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

Directory traversal

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files...

Design/Logic Flaw

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

CVE-2019-18952

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP...

CVE-2019-18952

CVE-2019-18952 affects SibSoft Xfilesharing up to version 2.5.1, enabling an arbitrary file upload through cgi-bin/up.cgi. The accompanying data shows this can be chained with CVE-2019-18951 (directory traversal via op=page&tmpl=…) to achieve remote code execution, using a crafted HTML file serve...

CVE-2019-18951

CVE-2019-18951 affects SibSoft Xfilesharing up to version 2.5.1. The vulnerability is a directory traversal via op=page&tmpl=../, allowing reading arbitrary files. Public sources in the connected documents corroborate a path traversal/LFI-style exposure, with exploit context and mention of a comb...

CVE-2019-18951

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files...