UK Cyber Security

When scaling your business and moving it online, you may encounter cybersecurity challenges. It is crucial to take care of cybersecurity across the organisation and from both the back office and production perspective. Defense in depth and layered security should be considered essential elements of your business strategy. Although the threat landscape may be similar across different industries (i.e. Ransomware, Supply chain compromise), there are also some key aspects that are sector-specific. We provide a number of cyber security services including IP reputation and threat intelligence data for the UK

Our Cyber Security Services

Funnelweb - Funnelweb is our own network of propriety passive cyber security threat listeners that record potential vulnerability reconnaissance, port scans and potential attacks for analysis and intelligence gathering. This raw intelligence data gathered by Funnelweb is used to provide IP address reputation reports and targeted intelligence on potential cyber security threats and vulnerabilities on both your internet and network surface footprint. Used in conjunction with our propriety network sniffers, that monitor in real-time your network traffic, intelligence gathered by Funnelweb can also provide real-time alerts of malevolent IP addresses, vulnerability reconnaissance, port scans and potential attacks that are present on your network. Please contact us for more information and how we can help you protect your business from cyber security attacks.

IP lookup & IP reputation reports - We can provide IP lookup and IP reputation reports that give a full history of cyber reconnaissance, port scans and attempted cyber security attacks on our network of UK based Funnelweb listener servers. We can provide location information, attempted network scans and vulnerability exploits attempted. How are IP reputation reports useful? If you are selling online high value goods you are putting a lot trust in the buyer and payment services. Would it be useful to know if they IP address of the buyer is an open proxy frequently used by potential hackers and cyber criminals? Similarly if you are running secure or sensitive networks would it be useful to know they you are being targetting and potential hackers and cyber criminals are scanning your networks for vulnerabilities? This is where our reputation reports can help you make more informed decisions and take further precautions.

Cyber attack & incident forensics - Using professional cyber incident forensic tools and methodologies we can help with identifying, remediating, and investigating cybersecurity incidents. We can collect, preserve, and analyze forensic evidence of a cyber incident. This involves the recovery, investigation, and examination of material found on digital devices. With the goal to gather and preserve evidence to aid in prosecuting cybercrime, should the culprits behind an attack face criminal charges.

Threat & intrusion detection - Using intrusion detection systems (IDS) we can provide real time alerts and reports on port scans, attempted vulnerability exploits and cyber security attacks on your network, systems and servers. We can provide location information on who is attempting to recon or attack your networks and what vulnerabilities they attempting to exploit.

Penetration testing - We use the tools and exploits that hackers do to try to find the weaknesses and vulnerabilities in your systems and applications. We report on what exploits could used against your internet footprint and how to mitigate these threats. We do not execute these exploits but make you aware them in order you can rectify any flaws in your cyber security measures. We can perform threat analysis on public facing systems and also internal networks and company VPN's.

Network montoring - We have developed applications that are able to passively listen to network traffic and record it for analysis. The application can report and alert anomalies and known malevolent IP addresses in real-time or simply report them.

IP Reputation Lookup

Have you wanted to know who tried to hack you or if that IP address in your logs has tried port scanning or attempting cyber attacks in the UK? Please enter the IP address you would like to lookup and get a FREE ip threat intelligence report:
    Submit IP Reputation Lookup

Most popular IP Lookups

Did you know that we have a FREE IP Reputation Lookup API?

IP address and threat intelligence is actionable and is available via our APIs (JSON), which can be ingested into SIEMs. With our commercial API subscription, you can query URLs and IPs by category (e.g. query all IPs and URLs which are categorized as "Botnet Command and Control Server")

curl -X 'GET' -k 'https://ip_lookup.webloft.co.uk/api/ipr/{IP_ADDRESS}' -H 'accept: application/json' -H 'API_KEY: {API_KEY}'

Please contact us to get an API Key to try our FREE IP reputation and threat intelligence data lookup for the UK

Example IP Reputation API Report

Below is an example of the response (in JSON format) you will receive
from our FREE IP Reputation Lookup API

{
    "ip": "123.123.123.123",*
    "hostname": "No-HostName",
    "continent_code": "EU",
    "continent_name": "Europe",
    "country_code": "NL",
    "country_name": "Europe",
    "region_code": "NH",
    "region_name": "North Holland",
    "city": "Diemen",
    "zip": "1101",
    "latitude": 52.349998,**
    "longitude": 4.916999,**
    "first_seen": "09/03/2023 22:36:56",
    "last_seen": "20/04/2023 05:10:25",
    "urlThreatDescriptions": [
        "Apache Solr 8.2.0 - Remote Code Execution - [CVE-2019-17558]",
        "Directory Index Scan",
        "inurl:?XDEBUG_SESSION_START=phpstorm",
        "Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit) - [CVE-2019-1003000]",
        "Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE) - [CVE-2022-22947]",
        "ThinkPHP 5.X - Remote Command Execution",
        "Util/PHP/eval-stdin - [CVE-2017-9841]"
    ],
    "security": {
        "is_proxy": true,
        "proxy_type": open,
        "is_crawler": false,
        "crawler_name": null,
        "crawler_type": null,
        "is_tor": false,
        "threat_level": "Medium"
    },
    "portScans": [
        {
            "port": 8080,
            "number": 170
        },
        {
            "port": 443,
            "number": 147
        },
        {
            "port": 80,
            "number": 166
        }
    ]
}

** Lat & Lan coordinates only to 6 decimal places for example purposes only
* This is fictitious IP address for example purposes only

UK Scans Trends Report 2024

Total number of UK scans for the last 12 months

Total number of UK scans by country for the last 12 months

Total number of UK scans by port number for the last 12 months

Total UK scans by country for the last 12 months

CountryNumber
United States71866
China18074
India12704
Germany12032
Czechia7099
France5846
Singapore5640
UK4906
Taiwan4301
Russia3834

Total UK scans by port number for the last 12 months

PortNumber
80236708
23139793
2539515
808028560
2119657
232313880
11012263

Scans by Day Of Week for the last 12 months

Scans by Hour Of Day for the last 12 months

The above data was collected by our 'honey-pot' servers that accept requests on popular port scans and online services by used by potential hackers and cyber criminals. On average our UK based listeners record 60,000 port scans per month. The data is for requests to UK based servers up to December 1, 2024
Report updated: December 4, 2024

UK port scan reports archive

Cyber security January, 2024
Cyber security February, 2024
Cyber security March, 2024
Cyber security April, 2024
Cyber security May, 2024
Cyber security June, 2024
Cyber security July, 2024
Cyber security August, 2024
Cyber security September, 2024
Cyber security October, 2024
Cyber security November, 2024

UK Http exploits captured by Funnelweb

Below is a table of just some of the Http requests made by potential hackers to exploit web service vulnerabilities in the UK captured by Funnelweb in the last six months.
Funnelweb is our propriety UK based cyber security exploit listener and IP address capturing system.

ExploitExploit InformationCVE
TP-Link Archer AX21 (AX1800) firmware versions before 1TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.CVE-2023-1389
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)# Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) # Date: 2022/01/30 # Exploit Author: souzo # Vendor Homepage: phpunit.de # Version: 4.8.28 # Tested on: Unit # CVE : CVE-2017-9841 import requests from sys import argv phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.CVE-2017-9841
Util/PHP/eval-stdinUtil/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.CVE-2017-9841
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3272
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3272
elFinder before 2elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.CVE-2019-9194
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'elFinder PHP Connector exiftran Command Injection', 'Description' => %q{ This module exploits a command injeCVE-2019-9194
vendor/elfinder/php/connectorvendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainerCVE-2020-35235
Roxy Fileman 1Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.CVE-2018-20526
An issue in Tecrail Responsive FileManager v9An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.CVE-2022-46604
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)# Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (bCVE-2022-46604
File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialogFile upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.CVE-2022-30529
Gecko CMS 2.3 - Multiple VulnerabilitiesGecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities CVE-2022-30529
Static code injection vulnerability in setupStatic code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.CVE-2009-1151
A path traversal vulnerability in the file upload functionality in tinyfilemanagerA path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.CVE-2021-45010
A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.CVE-2024-3803
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/ Product: ============================================== b374k versions 3.2.3 and 2.8 b374k is a PHP Webshell with many features such as: File manager (view, edit, rename, delete, uploaCVE-130253
Responsive FileManager < 9.13.4 - Directory TraversalThe following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com #1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 (Windows CVE-2018-15536
Spryker Commerce OS 1Spryker Commerce OS 1.4.2 allows Remote Command Execution.CVE-2022-28888
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3273
A flaw was found in a change made to path normalization in Apache HTTP Server 2A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.CVE-2021-41773
An issue was discovered in ownCloud owncloud/graphapi 0An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.CVE-2023-49103
Directory traversal vulnerability in pageDirectory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.CVE-2010-3490
In PHP versions 8In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.CVE-2024-4577
Joomla! 1Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.CVE-2015-8562
TelerikTelerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.CVE-2017-9248
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure# Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker # Filename: dp_crypto.py # Github: https://github.com/bao7uo/dp_crypto # Date: 2018-01-23 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: http://www.foregenix.com/blog # Version: Telerik UI for ASP.NET AJAX # CVE: CVE-2017-9248 # Vendor Advisory: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness # Tested on: Working on versions 2012.3.1308 thru 2017.1.118 (.NET 35, 40, 45) #!/usr/biCVE-2017-9248
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injectionVMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.CVE-2022-22954
/vendor/htmlawed/htmlawed/htmLawedTest/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.CVE-2022-35914
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data bindingA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.CVE-2022-22965
A vulnerability was found in hansunCMS 1A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.CVE-2023-2245
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.CVE-2024-5050
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listingsource: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This couCVE-1999-0070
cgi-bin/kerbynet in ZeroShell 1cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.CVE-2009-0545
Credentials for Zivif PR115-204-P-RS V2Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.CVE-2017-17106
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.CVE-2015-1424
Gecko CMS 2.3 - Multiple VulnerabilitiesGecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities CVE-116970
CVE-116969
CVE-116968
CVE-116967
CVE-116966
CVE-2015-1424
CVE-2015-1423
CVE-2015-1422
In spring cloud gateway versions prior to 3In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.CVE-2022-22947
msgraph-sdk-php is the Microsoft Graph Library for PHPmsgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function.CVE-2023-49282
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.CVE-2011-5148
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload<?php /* OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Desc: The vulnerability is caused due to the improper verification of uploaded files in '/library/openflashchart/php-ofc-library/ofc_upload_image.phCVE-90222
CVE-2011-4275
CVE-2009-4140
CVE-59051
Privilege escalation in PHP-Fusion 9Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).CVE-2020-24949
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525, CVE-2018-20526 Found: 2018-12-07 Tested on: PHP 7.0, Ubuntu 16.04 LTS Author: Pongtorn Angsuchotmetee, Vittawat Masaree SnoopBees Lab https://www.snoopbees.com ==================================================CVE-2018-20526
CVE-2018-20525
sapi/cgi/cgi_mainsapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.CVE-2012-2336
SQL injection vulnerability in the formulaireRobot function in admin/robotsSQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.CVE-2014-9348
The Duplicator WordPress plugin before 1The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.CVE-2022-2551
ThinkPHP before 3ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.CVE-2019-9082
Wordpress before 2Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.CVE-2009-2853
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download# Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download # Google Dork: N/A # Date: 07.27.2022 # Exploit Author: SecuriTrust # Vendor Homepage: https://snapcreek.com/ # Software Link: https://wordpress.org/plugins/duplicator/ # Version: < 1.4.7 # Tested on: Linux, Windows # CVE : CVE-2022-2551 # Reference: https://securitrust.fr # Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551 #Product: WordPress Plugin Duplicator < 1.4.7 #Vulnerability: 1-It allowsCVE-2022-2551
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery displCVE-120303
Possible path traversal in Apache OFBiz allowing authentication bypass Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue. CVE-2024-25065
Pre-auth RCE in Apache Ofbiz 18 Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10 CVE-2023-49070
(1) boardData102(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.CVE-2016-1555
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI componentsA CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.CVE-2021-31249
A cross-site scripting (XSS) vulnerability in uploadA cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.CVE-2019-14315
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.CVE-2022-30525
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute codeA PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. CVE-2023-36845
A reflected XSS issue exists in the Management Console of several WSO2 productsA reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.CVE-2022-29548
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as criticalA vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.CVE-2024-3721
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.CVE-2024-4584
Adobe Commerce versions 2Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.CVE-2022-24086
An arbitrary file upload vulnerability in Teller Web App vAn arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.CVE-2023-42362
An arbitrary file upload vulnerability was discovered in MCMS 5An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.CVE-2022-30506
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo StationAn externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and laterCVE-2022-27593
An issue was discovered in Chadha PHPKB 9An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.CVE-2020-11579
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.CVE-2019-19781
An issue was discovered in Joomla! 4An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.CVE-2023-23752
An issue was discovered in Joomla! before 3An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.CVE-2019-10945
An issue was discovered in Shirne CMS 1An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.phpCVE-2022-37299
Apache Struts 2Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.CVE-2019-0230
Before version 4Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.CVE-2017-14725
C99Shell (Web Shell) - 'c99.php' Authentication Bypass# Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit Author: mandatory ( Matthew Bryant ) # Vendor Homepage: http://ccteam.ru/ # Software Link: https://www.google.com/ # Version: < 1.00 beta # Tested on:Linux # CVE: N/A All C99.php shells are backdoored. To bypass authentication add "?c99shcook[login]=0" to the URL. e.g. http://127.0.0.1/c99.php?c99shcook[login]=0 The backdoor: @extract($_REQUEST["c99shcook"]); Which bypCVE-108979
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)# Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability # Date: 2018-11-11 # Exploit Author: Ameer Pornillos # Website: http://ethicalhackers.club # Vendor Homepage: http://www.clippercms.com/ # Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3 # Version: 1.3.3 # Tested on: Windows 10 x64 (XAMPP, Firefox) # CVE : CVE-2018-19135 * Description: ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload which is being used by default. ThisCVE-2018-19135
CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload<pre> # # CMSimple 3.1 Local File Inclusion / Arbitrary File Upload # download: http://www.cmsimple.org/?Downloads # dork: "Powered by CMSimple" # # author: irk4z@yahoo.pl # homepage: http://irk4z.wordpress.com # Local File Inclusion : http://[host]/[path]/index.php?sl=[file]%00 http://[host]/[path]/index.php?sl=../../../../../../../etc/passwd%00 Arbitrary File Upload (into http://[host]/[path]/downloads/ ): </pre> <form method="POST" enctype="multipart/form-data" action="http://[host]/[pCVE-2008-2650
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilitiessource: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. http://www.example.coCVE-2005-3285
CVE-20032
comment_delete_cgicomment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.CVE-2005-2787
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.CVE-2023-4196
Cross-site scripting (XSS) vulnerability in WordPress before 2Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.CVE-2008-3233
CSE Bookstore version 1CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.CVE-2020-36112
dayrui FineCms 5dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.CVE-2017-11581
Directory traversal vulnerability in help/miniDirectory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.CVE-2008-4718
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.CVE-2013-6397
Django 1Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.CVE-2020-9402
D-Link DNS-320 FW v2D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.CVE-2020-25506
Douchat 4Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.CVE-2024-35324
elFinder is an open-source file manager for web, written in JavaScript using jQuery UIelFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.CVE-2021-32682
EmpireCMS v7EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.CVE-2018-18086
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload################################################################ # # Falt4 CMS (fckeditor) Arbitrary File Upload Exploit # # Bug Discovered By : Sp3shial # # Sp3shial@ymail.com # # Persian Boys Hacking Team From A Land With A History-Long Background # # Download CMS : http://downloads.sourceforge.net/falt4/falt4extreme.zip?modtime=1196845455&big_mirror=0 # ############################################################### error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5);CVE-53650
CVE-2008-6178
File Upload vulnerability in zzzCMS vFile Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.CVE-2023-45555
File Upload vulnerability PMB vFile Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.CVE-2023-46474
Freepbx < 2.11.1.5 - Remote Code ExecutionExploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ (Trixbox/freepbx/elastix/pbxinflash/) Tested on: Centos 6 CVE : CVE-2014-7235 1. Description a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”CVE-2014-7235
FreePBX 2.8.0 - Recordings Interface Allows Remote Code ExecutionTrustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX (http://www.freepbx.org/) Product: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it Version(s) affected: 2.8.0 and below Product Description: FreePBX is an easy to use GUI (graphical user interface) that controls and manages Asterisk, the world's most CVE-2010-3490
CVE-68240
GeoServer is an open source server that allows users to share and edit geospatial dataGeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.CVE-2024-36401
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill ProviderImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. CVE-2023-39553
In JetBrains TeamCity before 2023In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possibleCVE-2024-27198
In PHP 8In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.  CVE-2023-0567
In PuTTY 0In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.CVE-2024-31497
In WordPress through 4In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.CVE-2018-6389
Jenkins 2Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.CVE-2024-23897
Jenkins versions 2Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.CVE-2017-1000353
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection# Exploit Title: joomla component com_civicrm remode code injection exploit # Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart" # Date: 20/04/2013 # Exploit Author: iskorpitx # Vendor Homepage: http://civicrm.org # Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422 # Version: [civicrm 4.2.2] # Tested on: Win8 Pro x64 # CVE : http://www.securityweb.org <?php # Joomla component com_civicrm OpenFlashCart ofc_upload_image.pCVE-2011-4275
CVE-59051
CVE-2009-4140
Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution<?PHP /* -------------------------------------------------------------------------------- Title: Simple File Upload v1.3 (module for joomla) Remote Code Execution Exploit -------------------------------------------------------------------------------- Author...............: gmda Google Dork..........:"Simple File Upload v1.3" "Powered by Joomla" Mail.................: gmda[at]email[dot]it Site.................: http://www.gmda.altervista.org/ Date.................: CVE-78122
CVE-2011-5148
jQuery-File-Upload 9.22.0 - Arbitrary File Upload# Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload # Author: Larry W. Cashdollar, @_larry0 # Date: 2018-10-09 # Vendor: https://github.com/blueimp # Download Site: https://github.com/blueimp/jQuery-File-Upload/releases # CVE-ID: N/A # Vulnerability: # The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php # doesn't require any validation to upload files to the server. It also doesn't exclude file types. # This allows for remote code executCVE-2018-9206
Laravel Administrator 4 - Unrestricted File Upload (Authenticated)# Exploit title: Laravel Administrator 4 - Unrestricted File Upload (Authenticated) # Author: Victor Campos and Xavi Beltran # Contact: vcmartin@protonmail.com # Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ # Date: 25/3/2020 # Software link: https://github.com/FrozenNode/Laravel-Administrator/ # Version : 4 # Tested on: Laravel-Administrator 4 # CVE : CVE-2020-10963 #!/usr/bin/env python import requests,json,traceback from reCVE-2020-10963
LB-LINK BL-AC1900_2LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.CVE-2023-26801
libexpat through 2libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.CVE-2023-52425
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from namesLotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.CVE-2005-2428
Magento Server MAGMI Plugin 0.7.17a - Remote File InclusionExploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: parvinder.bhasin@gmail.com twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software link: Magento server: http://www.magentocommerce.com/download MAGMI Plugin: https://sourceforge.net/projects/magmi/files/magmi-0.7/plugins/packages/ MAGMI (MAGento Mass Importer) suffers from File inclusion vulnerability (RFI) whicCVE-113848
CVE-2014-8770
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumbMajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.CVE-2023-50917
MantisBT through 2MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.CVE-2017-7615
Movable Type 7 rMovable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.CVE-2021-20837
mproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal. In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the product may add ".txt" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction.CVE-2013-1891
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.CVE-2005-4223
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (RevMultiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.CVE-2013-5223
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_OperationMultiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.CVE-2013-4702
NexusQA NexusDB before 4NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.CVE-2020-24571
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /passwordPassword disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.CVE-2019-15859
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload# Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload # Date: 01-03-2024 # Exploit Author: Shubham Pandey # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html # Version: 1.0 # Tested on: Windows, Linux # CVE : CVE-2024-27747 # Description: File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code vCVE-2024-27747
PHP gettext 1.0.12 - 'gettext.php' Code Execution[CVE-2016-6175] gettext.php <= 1.0.12 unauthenticated code execution with POTENTIAL privileges escalation # Date: June 25th, 2016 # Author: kmkz (Bourbon Jean-marie) <mail.bourbon@gmail.com> | @kmkz_security # Project Homepage: https://launchpad.net/php-gettext/ # Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz # Version: 1.0.12 (latest release) # Tested on: Linux Debian, PHP 5.6.19-2+b1 # CVSS: 7.1 # OVE ID: OVE-20160705-0004 # CVE ID: CVE-2016-617CVE-2016-6175
PHP Melody 1.5.3 - Arbitrary File Upload Injection--------------------------------------------------- PHP Melody 1.5.3 remote injection upload file --------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Group : LatinHackTeam [+] Vulnerability : SQL injection ################################################### ---------info Cms---------------- name : PHP Melody version 1.5.2 email : suppoCVE-56581
PHP remote file inclusion vulnerability in indexPHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.CVE-2007-2143
PHP Scripts Mall PHP Appointment Booking Script 3PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.CVE-2019-9066
phpPgAdmin 4.2.1 - '_language' Local File Inclusion:::::::-. ... ::::::. :::. ;;, `';, ;; ;;;`;;;;, `;;; `[[ [[[[' [[[ [[[[[. '[[ $$, $$$$ $$$ $$$ "Y$c$$ 888_,o8P'88 .d888 888 Y88 MMMMP"` "YmmMMMM"" MMM YM [ Discovered by dun dun[at]strcpy.pl ] ################################################################## # [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # ################################################################## # # Script: "phpPgAdmin is a CVE-2008-5587
QNAP QTS before 4QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.CVE-2017-6361
Roxy Fileman 1.4.5 - Directory Traversal# Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal # Author: Patrik Lantz # Date: 2019-12-06 # Software: Roxy Fileman # Version: 1.4.5 # Vendor Homepage: http://www.roxyfileman.com/ # Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net # CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and Microsoft-IIS 10.0, Windows 10 Pro Build 17134 (using custom account as application pool identity for the IIS worker process). =========================== Description ================CVE-2019-19731
sapi/cgi/cgi_mainsapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.CVE-2012-1823
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Udp include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Exploit::Remote::SSH def initialize(info={}) super(update_info(info, 'Name' => "Schneider Electric Pelco Endura NET55XX Encoder", 'DCVE-2019-6814
SeedDMS versions < 5.1.11 - Remote Command Execution# Exploit Title: [Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11] # Google Dork: [NA] # Date: [20-June-2019] # Exploit Author: [Nimit Jain](https://www.linkedin.com/in/nimitiitk)(https://secfolks.blogspot.com) # Vendor Homepage: [https://www.seeddms.org] # Software Link: [https://sourceforge.net/projects/seeddms/files/] # Version: [SeedDMS versions <5.1.11] (REQUIRED) # Tested on: [NA] # CVE : [CVE-2019-12744] Exploit Steps: Step 1: Login to the applicatioCVE-2019-12744
senddoc in OpenOfficesenddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.CVE-2008-4937
SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Executionsource: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible. #!/usr/bin/perl -w # SimpleBBS v1.1(posts.php) remote command execution XpCVE-2006-1800
CVE-24689
Sitecore XP 7Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.CVE-2021-42237
Spring Framework, versions 5Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.CVE-2018-1271
SQL Injection exists in the OS Property Real Estate 3SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.CVE-2018-7319
SQL injection vulnerability in indexSQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.CVE-2008-1975
SQL injection vulnerability in offers_buySQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.CVE-2010-1726
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusionsource: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible. http://www.example.com/[squirrelmail dir]/src/redirect.php?plugins[]=../../../../etc/passwd%00CVE-2006-2842
TelerikTelerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.CVE-2017-11317
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.CVE-2022-30023
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/indexThe ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.CVE-2015-9479
The K2 component 2The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloadsCVE-2018-7482
The limit-login-attempts-reloaded plugin before 2The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.CVE-2020-35589
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.CVE-2014-8361
The Photo Sharing Plus component on Sony Bravia TV through 8The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.CVE-2018-16594
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local coreThe ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.CVE-2021-27905
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' commandThe restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).CVE-2021-31581
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/ImageThe WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. CVE-2021-42362
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actionsThe wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.CVE-2016-10148
There is a remote code execution vulnerability that affects all versions of NetMan 204There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.CVE-2022-47893
TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities#Title: TP-LINK Model No. TL-WR340G/TL-WR340GD - Multiple Vulnerabilities #Date: 01.07.14 #Vendor: TP-LINK #Affected versions: TL-WR340G/TL-WR340GD #Tested on: Firmware Version - 4.3.7 Build 090901 Rel.61899n, Hardware Version - WR340G v5 081520C2 [at] Linux #Contact: smash [at] devilteam.pl Persistent Cross Site Scripting vulnerabilities exists because of poor parameters filtration. Our value is stored in javascript array, since it's not correctly verified nor filtered, it is able to inject jCVE-111720
CVE-111712
CVE-111711
CVE-111708
CVE-111707
CVE-111706
CVE-111705
CVE-111704
CVE-111703
CVE-100357
CVE-100355
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.CVE-2022-40734
Unrestricted file upload vulnerability in ofc_upload_imageUnrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.CVE-2009-4140
Unrestricted file upload vulnerability in viewUnrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.CVE-2013-4949
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)# Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) # Date: 16/09/2021 # Exploit Author: David Utón (M3n0sD0n4ld) # Vendor Homepage: https://wordpress.com # Affected Version: WordPress 5.6-5.7 & PHP8 # Tested on: Linux Ubuntu 18.04.5 LTS # CVE : CVE-2021-29447 #!/bin/bash # Author: @David_Uton (m3n0sd0n4ld) # Usage: $./CVE-2021-29447.sh TARGET WP_USERNAME WP_PASSWORD PATH/FILE.EXT LHOST # Example: $ ./CVE-2021-29447.sh 10.10.XX.XX wptest test ..CVE-2021-29447
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting # Date: 27.11.2020 # Exploit Author: b3kc4t (Mustafa GUNDOGDU) # Vendor Homepage: https://www.myeventon.com/ # Version: 3.0.5 # Tested on: Ubuntu 18.04 # CVE : 2020-29395 # Description Link: https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS """ ~ VULNERABLITY DETAILS ~ https://target/addons/?q=<svg/onload=alert(/b3kc4t/)> # WordPress sites that useCVE-2020-29395
Zeroshell 3Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.CVE-2019-12725

Last updated: December 4, 2024

UK cyber exploit scan reports archive

Cyber security January, 2024
Cyber security February, 2024
Cyber security March, 2024
Cyber security April, 2024
Cyber security May, 2024
Cyber security June, 2024
Cyber security July, 2024
Cyber security August, 2024
Cyber security September, 2024
Cyber security October, 2024
Cyber security November, 2024

If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern industry standard components.

GET IN TOUCH

Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.


Get in touch with us today. We're looking forward to working with you


Get in Touch