```bash
curl -X 'GET' -k 'https://ip_lookup.webloft.co.uk/api/ipr/{IP_ADDRESS}' -H 'accept: application/json' -H 'API_KEY: {API_KEY}'
```

```json
{
  "ip": "123.123.123.123",
  "hostname": "No-HostName",
  "continent_code": "EU",
  "continent_name": "Europe",
  "country_code": "NL",
  "country_name": "Europe",
  "region_code": "NH",
  "region_name": "North Holland",
  "city": "Diemen",
  "zip": "1101",
  "latitude": 52.349998,
  "longitude": 4.916999,
  "first_seen": "09/03/2023 22:36:56",
  "last_seen": "20/04/2023 05:10:25",
  "urlThreatDescriptions": [
    "Apache Solr 8.2.0 - Remote Code Execution - [CVE-2019-17558]",
    "Directory Index Scan",
    "inurl:?XDEBUG_SESSION_START=phpstorm",
    "Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit) - [CVE-2019-1003000]",
    "Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE) - [CVE-2022-22947]",
    "ThinkPHP 5.X - Remote Command Execution",
    "Util/PHP/eval-stdin - [CVE-2017-9841]"
  ],
  "security": {
    "is_proxy": true,
    "proxy_type": "open",
    "is_crawler": false,
    "crawler_name": null,
    "crawler_type": null,
    "is_tor": false,
    "threat_level": "Medium"
  },
  "portScans": [
    {
      "port": 8080,
      "number": 170
    },
    {
      "port": 443,
      "number": 147
    },
    {
      "port": 80,
      "number": 166
    }
  ]
}
```

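An added example, not code from this service or its documentation: a small Python consumer that turns the response above into fields an analyst can triage on. It assumes the timestamps are day-first, that `No-HostName` is a sentinel for a missing reverse-DNS name, and that the server presents a valid certificate, so TLS verification is left on rather than disabled as `-k` does in the curl call. The function names and the summary keys are this example's own.

```python
import ipaddress
import json
import re
import urllib.request
from datetime import datetime

API_URL = "https://ip_lookup.webloft.co.uk/api/ipr/{ip}"  # endpoint shown on the page
TS_FORMAT = "%d/%m/%Y %H:%M:%S"  # assumption: day-first, as "20/04/2023" implies
NO_HOSTNAME = "No-HostName"      # assumption: sentinel for "no reverse DNS"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Sample response copied from the page, trimmed to the fields used below.
SAMPLE_REPORT = json.loads("""
{
  "ip": "123.123.123.123",
  "hostname": "No-HostName",
  "first_seen": "09/03/2023 22:36:56",
  "last_seen": "20/04/2023 05:10:25",
  "urlThreatDescriptions": [
    "Apache Solr 8.2.0 - Remote Code Execution - [CVE-2019-17558]",
    "Directory Index Scan",
    "inurl:?XDEBUG_SESSION_START=phpstorm",
    "Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit) - [CVE-2019-1003000]",
    "Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE) - [CVE-2022-22947]",
    "ThinkPHP 5.X - Remote Command Execution",
    "Util/PHP/eval-stdin - [CVE-2017-9841]"
  ],
  "security": {"is_proxy": true, "proxy_type": "open", "is_crawler": false,
               "crawler_name": null, "crawler_type": null, "is_tor": false,
               "threat_level": "Medium"},
  "portScans": [{"port": 8080, "number": 170},
                {"port": 443, "number": 147},
                {"port": 80, "number": 166}]
}
""")


def build_request(ip, api_key):
    """Build the lookup request; rejects anything that is not a literal IP."""
    addr = ipaddress.ip_address(ip)  # ValueError on junk, so nothing odd reaches the URL path
    return urllib.request.Request(
        API_URL.format(ip=addr),
        headers={"accept": "application/json", "API_KEY": api_key},
    )


def fetch(ip, api_key, timeout=10):
    """Query the service with certificate verification enabled (urllib's default)."""
    with urllib.request.urlopen(build_request(ip, api_key), timeout=timeout) as resp:
        return json.load(resp)


def _parse_ts(value):
    return datetime.strptime(value, TS_FORMAT) if value else None


def summarize(report):
    """Reduce one response to the fields useful for alert enrichment."""
    sec = report.get("security") or {}
    descs = report.get("urlThreatDescriptions") or []
    scans = {p["port"]: p["number"] for p in report.get("portScans") or []}
    first, last = _parse_ts(report.get("first_seen")), _parse_ts(report.get("last_seen"))

    flags = []
    if sec.get("is_proxy"):
        flags.append("proxy (%s)" % sec.get("proxy_type"))
    if sec.get("is_tor"):
        flags.append("tor")
    if sec.get("is_crawler"):
        flags.append("crawler (%s)" % sec.get("crawler_name"))

    hostname = report.get("hostname")
    return {
        "ip": report.get("ip"),
        "hostname": None if hostname == NO_HOSTNAME else hostname,
        "threat_level": sec.get("threat_level"),
        "flags": flags,
        # CVE ids named in the probe signatures, de-duplicated
        "cves": sorted({c for d in descs for c in CVE_RE.findall(d)}),
        # signatures that carry no CVE id (scans, dorks, unnumbered exploits)
        "other_signatures": [d for d in descs if not CVE_RE.search(d)],
        "total_scans": sum(scans.values()),
        "top_port": max(scans, key=scans.get) if scans else None,
        "days_observed": (last - first).days if first and last else None,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```
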

Country | Number |
---|---|
United States | 71866 |
China | 18074 |
India | 12704 |
Germany | 12032 |
Czechia | 7099 |
France | 5846 |
Singapore | 5640 |
UK | 4906 |
Taiwan | 4301 |
Russia | 3834 |

Port | Number |
---|---|
80 | 236708 |
23 | 139793 |
25 | 39515 |
8080 | 28560 |
21 | 19657 |
2323 | 13880 |
110 | 12263 |

Exploit | Exploit Information | CVE |
---|---|---|
TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) | # Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) # Date: 2022/01/30 # Exploit Author: souzo # Vendor Homepage: phpunit.de # Version: 4.8.28 # Tested on: Unit # CVE : CVE-2017-9841 import requests from sys import argv phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin. | CVE-2017-9841 |
Util/PHP/eval-stdin | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | CVE-2017-9841 |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | CVE-2024-3272 |
elFinder before 2 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | CVE-2019-9194 |
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit) | ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'elFinder PHP Connector exiftran Command Injection', 'Description' => %q{ This module exploits a command inje | CVE-2019-9194 |
vendor/elfinder/php/connector | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVE-2020-35235 |
Roxy Fileman 1 | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | CVE-2018-20526 |
An issue in Tecrail Responsive FileManager v9 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | CVE-2022-46604 |
Responsive FileManager 9.9.5 - Remote Code Execution (RCE) | # Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (b | CVE-2022-46604 |
File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog | File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | CVE-2022-30529 |
Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-2022-30529 |
Static code injection vulnerability in setup | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | CVE-2009-1151 |
A path traversal vulnerability in the file upload functionality in tinyfilemanager | A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | CVE-2021-45010 |
A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408 | A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVE-2024-3803 |
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection | [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/ Product: ============================================== b374k versions 3.2.3 and 2.8 b374k is a PHP Webshell with many features such as: File manager (view, edit, rename, delete, uploa | CVE-130253 |
Responsive FileManager < 9.13.4 - Directory Traversal | The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com #1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 (Windows | CVE-2018-15536 |
Spryker Commerce OS 1 | Spryker Commerce OS 1.4.2 allows Remote Command Execution. | CVE-2022-28888 |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | CVE-2024-3273 |
A flaw was found in a change made to path normalization in Apache HTTP Server 2 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | CVE-2021-41773 |
An issue was discovered in ownCloud owncloud/graphapi 0 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | CVE-2023-49103 |
Directory traversal vulnerability in page | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. | CVE-2010-3490 |
In PHP versions 8 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | CVE-2024-4577 |
Joomla! 1 | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | CVE-2015-8562 |
Telerik | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | CVE-2017-9248 |
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure | # Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker # Filename: dp_crypto.py # Github: https://github.com/bao7uo/dp_crypto # Date: 2018-01-23 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: http://www.foregenix.com/blog # Version: Telerik UI for ASP.NET AJAX # CVE: CVE-2017-9248 # Vendor Advisory: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness # Tested on: Working on versions 2012.3.1308 thru 2017.1.118 (.NET 35, 40, 45) #!/usr/bi | CVE-2017-9248 |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | CVE-2022-22954 |
/vendor/htmlawed/htmlawed/htmLawedTest | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | CVE-2022-35914 |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | CVE-2022-22965 |
A vulnerability was found in hansunCMS 1 | A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | CVE-2023-2245 |
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516 | A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747. | CVE-2024-5050 |
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing | source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This cou | CVE-1999-0070 |
cgi-bin/kerbynet in ZeroShell 1 | cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | CVE-2009-0545 |
Credentials for Zivif PR115-204-P-RS V2 | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | CVE-2017-17106 |
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2 | Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. | CVE-2015-1424 |
Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-116970 CVE-116969 CVE-116968 CVE-116967 CVE-116966 CVE-2015-1424 CVE-2015-1423 CVE-2015-1422 |
In spring cloud gateway versions prior to 3 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | CVE-2022-22947 |
msgraph-sdk-php is the Microsoft Graph Library for PHP | msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function. | CVE-2023-49282 |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1 | Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | CVE-2011-5148 |
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload | <?php /* OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Desc: The vulnerability is caused due to the improper verification of uploaded files in '/library/openflashchart/php-ofc-library/ofc_upload_image.ph | CVE-90222 CVE-2011-4275 CVE-2009-4140 CVE-59051 |
Privilege escalation in PHP-Fusion 9 | Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | CVE-2020-24949 |
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal | ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525, CVE-2018-20526 Found: 2018-12-07 Tested on: PHP 7.0, Ubuntu 16.04 LTS Author: Pongtorn Angsuchotmetee, Vittawat Masaree SnoopBees Lab https://www.snoopbees.com ================================================== | CVE-2018-20526 CVE-2018-20525 |
sapi/cgi/cgi_main | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | CVE-2012-2336 |
SQL injection vulnerability in the formulaireRobot function in admin/robots | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | CVE-2014-9348 |
The Duplicator WordPress plugin before 1 | The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | CVE-2022-2551 |
ThinkPHP before 3 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | CVE-2019-9082 |
Wordpress before 2 | Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. | CVE-2009-2853 |
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download | # Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download # Google Dork: N/A # Date: 07.27.2022 # Exploit Author: SecuriTrust # Vendor Homepage: https://snapcreek.com/ # Software Link: https://wordpress.org/plugins/duplicator/ # Version: < 1.4.7 # Tested on: Linux, Windows # CVE : CVE-2022-2551 # Reference: https://securitrust.fr # Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551 #Product: WordPress Plugin Duplicator < 1.4.7 #Vulnerability: 1-It allows | CVE-2022-2551 |
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload | ###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery displ | CVE-120303 |
Possible path traversal in Apache OFBiz allowing authentication bypass | Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | CVE-2024-25065 |
Pre-auth RCE in Apache Ofbiz 18 | Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | CVE-2023-49070 |
(1) boardData102 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | CVE-2016-1555 |
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components | A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | CVE-2021-31249 |
A cross-site scripting (XSS) vulnerability in upload | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | CVE-2019-14315 |
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5 | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | CVE-2022-30525 |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. | CVE-2023-36845 |
A reflected XSS issue exists in the Management Console of several WSO2 products | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | CVE-2022-29548 |
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. | CVE-2024-3721 |
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429 | A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVE-2024-4584 |
Adobe Commerce versions 2 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | CVE-2022-24086 |
An arbitrary file upload vulnerability in Teller Web App v | An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. | CVE-2023-42362 |
An arbitrary file upload vulnerability was discovered in MCMS 5 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | CVE-2022-30506 |
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later. | CVE-2022-27593 |
An issue was discovered in Chadha PHPKB 9 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. | CVE-2020-11579 |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | CVE-2019-19781 |
An issue was discovered in Joomla! 4 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | CVE-2023-23752 |
An issue was discovered in Joomla! before 3 | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | CVE-2019-10945 |
An issue was discovered in Shirne CMS 1 | An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | CVE-2022-37299 |
Apache Struts 2 | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | CVE-2019-0230 |
Before version 4 | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | CVE-2017-14725 |
C99Shell (Web Shell) - 'c99.php' Authentication Bypass | # Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit Author: mandatory ( Matthew Bryant ) # Vendor Homepage: http://ccteam.ru/ # Software Link: https://www.google.com/ # Version: < 1.00 beta # Tested on:Linux # CVE: N/A All C99.php shells are backdoored. To bypass authentication add "?c99shcook[login]=0" to the URL. e.g. http://127.0.0.1/c99.php?c99shcook[login]=0 The backdoor: @extract($_REQUEST["c99shcook"]); Which byp | CVE-108979 |
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) | # Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability # Date: 2018-11-11 # Exploit Author: Ameer Pornillos # Website: http://ethicalhackers.club # Vendor Homepage: http://www.clippercms.com/ # Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3 # Version: 1.3.3 # Tested on: Windows 10 x64 (XAMPP, Firefox) # CVE : CVE-2018-19135 * Description: ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload which is being used by default. This | CVE-2018-19135 |
CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload | <pre> # # CMSimple 3.1 Local File Inclusion / Arbitrary File Upload # download: http://www.cmsimple.org/?Downloads # dork: "Powered by CMSimple" # # author: irk4z@yahoo.pl # homepage: http://irk4z.wordpress.com # Local File Inclusion : http://[host]/[path]/index.php?sl=[file]%00 http://[host]/[path]/index.php?sl=../../../../../../../etc/passwd%00 Arbitrary File Upload (into http://[host]/[path]/downloads/ ): </pre> <form method="POST" enctype="multipart/form-data" action="http://[host]/[p | CVE-2008-2650 |
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities | source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. http://www.example.co | CVE-2005-3285 CVE-20032 |
comment_delete_cgi | comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | CVE-2005-2787 |
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | CVE-2023-4196 |
Cross-site scripting (XSS) vulnerability in WordPress before 2 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2008-3233 |
CSE Bookstore version 1 | CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. | CVE-2020-36112 |
dayrui FineCms 5 | dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | CVE-2017-11581 |
Directory traversal vulnerability in help/mini | Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | CVE-2008-4718 |
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4 | Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | CVE-2013-6397 |
Django 1 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | CVE-2020-9402 |
D-Link DNS-320 FW v2 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | CVE-2020-25506 |
Douchat 4 | Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. | CVE-2024-35324 |
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | CVE-2021-32682 |
EmpireCMS v7 | EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | CVE-2018-18086 |
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload | ################################################################ # # Falt4 CMS (fckeditor) Arbitrary File Upload Exploit # # Bug Discovered By : Sp3shial # # Sp3shial@ymail.com # # Persian Boys Hacking Team From A Land With A History-Long Background # # Download CMS : http://downloads.sourceforge.net/falt4/falt4extreme.zip?modtime=1196845455&big_mirror=0 # ############################################################### error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5); | CVE-53650 CVE-2008-6178 |
File Upload vulnerability in zzzCMS v | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | CVE-2023-45555 |
File Upload vulnerability PMB v | File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | CVE-2023-46474 |
Freepbx < 2.11.1.5 - Remote Code Execution | Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ (Trixbox/freepbx/elastix/pbxinflash/) Tested on: Centos 6 CVE : CVE-2014-7235 1. Description a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)” | CVE-2014-7235 |
FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution | Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX (http://www.freepbx.org/) Product: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it Version(s) affected: 2.8.0 and below Product Description: FreePBX is an easy to use GUI (graphical user interface) that controls and manages Asterisk, the world's most | CVE-2010-3490 CVE-68240 |
GeoServer is an open source server that allows users to share and edit geospatial data | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed. | CVE-2024-36401 |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. | CVE-2023-39553 |
In JetBrains TeamCity before 2023 | In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible. | CVE-2024-27198 |
In PHP 8 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | CVE-2023-0567 |
In PuTTY 0 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. | CVE-2024-31497 |
In WordPress through 4 | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | CVE-2018-6389 |
Jenkins 2 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | CVE-2024-23897 |
Jenkins versions 2 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. | CVE-2017-1000353 |
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection | # Exploit Title: joomla component com_civicrm remode code injection exploit # Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart" # Date: 20/04/2013 # Exploit Author: iskorpitx # Vendor Homepage: http://civicrm.org # Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422 # Version: [civicrm 4.2.2] # Tested on: Win8 Pro x64 # CVE : http://www.securityweb.org <?php # Joomla component com_civicrm OpenFlashCart ofc_upload_image.p | CVE-2011-4275 CVE-59051 CVE-2009-4140 |
Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution | <?PHP /* -------------------------------------------------------------------------------- Title: Simple File Upload v1.3 (module for joomla) Remote Code Execution Exploit -------------------------------------------------------------------------------- Author...............: gmda Google Dork..........:"Simple File Upload v1.3" "Powered by Joomla" Mail.................: gmda[at]email[dot]it Site.................: http://www.gmda.altervista.org/ Date.................: | CVE-78122 CVE-2011-5148 |
jQuery-File-Upload 9.22.0 - Arbitrary File Upload | # Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload # Author: Larry W. Cashdollar, @_larry0 # Date: 2018-10-09 # Vendor: https://github.com/blueimp # Download Site: https://github.com/blueimp/jQuery-File-Upload/releases # CVE-ID: N/A # Vulnerability: # The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php # doesn't require any validation to upload files to the server. It also doesn't exclude file types. # This allows for remote code execut | CVE-2018-9206 |
Laravel Administrator 4 - Unrestricted File Upload (Authenticated) | # Exploit title: Laravel Administrator 4 - Unrestricted File Upload (Authenticated) # Author: Victor Campos and Xavi Beltran # Contact: vcmartin@protonmail.com # Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ # Date: 25/3/2020 # Software link: https://github.com/FrozenNode/Laravel-Administrator/ # Version : 4 # Tested on: Laravel-Administrator 4 # CVE : CVE-2020-10963 #!/usr/bin/env python import requests,json,traceback from re | CVE-2020-10963 |
LB-LINK BL-AC1900_2 | LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | CVE-2023-26801 |
libexpat through 2 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | CVE-2023-52425 |
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | CVE-2005-2428 |
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion | Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: parvinder.bhasin@gmail.com twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software link: Magento server: http://www.magentocommerce.com/download MAGMI Plugin: https://sourceforge.net/projects/magmi/files/magmi-0.7/plugins/packages/ MAGMI (MAGento Mass Importer) suffers from File inclusion vulnerability (RFI) whic | CVE-113848 CVE-2014-8770 |
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | CVE-2023-50917 |
MantisBT through 2 | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | CVE-2017-7615 |
Movable Type 7 r | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | CVE-2021-20837 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal. In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the product may add ".txt" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction. | CVE-2013-1891 |
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1 | Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | CVE-2005-4223 |
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. | CVE-2013-5223 |
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation | Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value. | CVE-2013-4702 |
NexusQA NexusDB before 4 | NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | CVE-2020-24571 |
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password | Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | CVE-2019-15859 |
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload | # Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload # Date: 01-03-2024 # Exploit Author: Shubham Pandey # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html # Version: 1.0 # Tested on: Windows, Linux # CVE : CVE-2024-27747 # Description: File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code v | CVE-2024-27747 |
PHP gettext 1.0.12 - 'gettext.php' Code Execution | [CVE-2016-6175] gettext.php <= 1.0.12 unauthenticated code execution with POTENTIAL privileges escalation # Date: June 25th, 2016 # Author: kmkz (Bourbon Jean-marie) <mail.bourbon@gmail.com> | @kmkz_security # Project Homepage: https://launchpad.net/php-gettext/ # Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz # Version: 1.0.12 (latest release) # Tested on: Linux Debian, PHP 5.6.19-2+b1 # CVSS: 7.1 # OVE ID: OVE-20160705-0004 # CVE ID: CVE-2016-617 | CVE-2016-6175 |
PHP Melody 1.5.3 - Arbitrary File Upload Injection | --------------------------------------------------- PHP Melody 1.5.3 remote injection upload file --------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Group : LatinHackTeam [+] Vulnerability : SQL injection ################################################### ---------info Cms---------------- name : PHP Melody version 1.5.2 email : suppo | CVE-56581 |
PHP remote file inclusion vulnerability in index | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | CVE-2007-2143 |
PHP Scripts Mall PHP Appointment Booking Script 3 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | CVE-2019-9066 |
phpPgAdmin 4.2.1 - '_language' Local File Inclusion | [ Discovered by dun dun[at]strcpy.pl ] # [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # Script: "phpPgAdmin is a | CVE-2008-5587 |
QNAP QTS before 4 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | CVE-2017-6361 |
Roxy Fileman 1.4.5 - Directory Traversal | # Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal # Author: Patrik Lantz # Date: 2019-12-06 # Software: Roxy Fileman # Version: 1.4.5 # Vendor Homepage: http://www.roxyfileman.com/ # Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net # CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and Microsoft-IIS 10.0, Windows 10 Pro Build 17134 (using custom account as application pool identity for the IIS worker process). =========================== Description ================ | CVE-2019-19731 |
sapi/cgi/cgi_main | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | CVE-2012-1823 |
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) | ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Udp include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Exploit::Remote::SSH def initialize(info={}) super(update_info(info, 'Name' => "Schneider Electric Pelco Endura NET55XX Encoder", 'D | CVE-2019-6814 |
SeedDMS versions < 5.1.11 - Remote Command Execution | # Exploit Title: [Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11] # Google Dork: [NA] # Date: [20-June-2019] # Exploit Author: [Nimit Jain](https://www.linkedin.com/in/nimitiitk)(https://secfolks.blogspot.com) # Vendor Homepage: [https://www.seeddms.org] # Software Link: [https://sourceforge.net/projects/seeddms/files/] # Version: [SeedDMS versions <5.1.11] (REQUIRED) # Tested on: [NA] # CVE : [CVE-2019-12744] Exploit Steps: Step 1: Login to the applicatio | CVE-2019-12744 |
senddoc in OpenOffice | senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | CVE-2008-4937 |
SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution | source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible. #!/usr/bin/perl -w # SimpleBBS v1.1(posts.php) remote command execution Xp | CVE-2006-1800 CVE-24689 |
Sitecore XP 7 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | CVE-2021-42237 |
Spring Framework, versions 5 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. | CVE-2018-1271 |
SQL Injection exists in the OS Property Real Estate 3 | SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. | CVE-2018-7319 |
SQL injection vulnerability in index | SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | CVE-2008-1975 |
SQL injection vulnerability in offers_buy | SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CVE-2010-1726 |
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion | source: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible. http://www.example.com/[squirrelmail dir]/src/redirect.php?plugins[]=../../../../etc/passwd%00 | CVE-2006-2842 |
Telerik | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | CVE-2017-11317 |
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | CVE-2022-30023 |
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | CVE-2015-9479 |
The K2 component 2 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads | CVE-2018-7482 |
The limit-login-attempts-reloaded plugin before 2 | The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. | CVE-2020-35589 |
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | CVE-2014-8361 |
The Photo Sharing Plus component on Sony Bravia TV through 8 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | CVE-2018-16594 |
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core | The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. | CVE-2021-27905 |
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command | The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | CVE-2021-31581 |
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image | The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. | CVE-2021-42362 |
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | CVE-2016-10148 |
There is a remote code execution vulnerability that affects all versions of NetMan 204 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root. | CVE-2022-47893 |
TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities | #Title: TP-LINK Model No. TL-WR340G/TL-WR340GD - Multiple Vulnerabilities #Date: 01.07.14 #Vendor: TP-LINK #Affected versions: TL-WR340G/TL-WR340GD #Tested on: Firmware Version - 4.3.7 Build 090901 Rel.61899n, Hardware Version - WR340G v5 081520C2 [at] Linux #Contact: smash [at] devilteam.pl Persistent Cross Site Scripting vulnerabilities exist because of poor parameters filtration. Our value is stored in javascript array, since it's not correctly verified nor filtered, it is able to inject j | CVE-111720 CVE-111712 CVE-111711 CVE-111708 CVE-111707 CVE-111706 CVE-111705 CVE-111704 CVE-111703 CVE-100357 CVE-100355 |
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2 | UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0. | CVE-2022-40734 |
Unrestricted file upload vulnerability in ofc_upload_image | Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/. | CVE-2009-4140 |
Unrestricted file upload vulnerability in view | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. | CVE-2013-4949 |
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) | # Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) # Date: 16/09/2021 # Exploit Author: David Utón (M3n0sD0n4ld) # Vendor Homepage: https://wordpress.com # Affected Version: WordPress 5.6-5.7 & PHP8 # Tested on: Linux Ubuntu 18.04.5 LTS # CVE : CVE-2021-29447 #!/bin/bash # Author: @David_Uton (m3n0sd0n4ld) # Usage: $./CVE-2021-29447.sh TARGET WP_USERNAME WP_PASSWORD PATH/FILE.EXT LHOST # Example: $ ./CVE-2021-29447.sh 10.10.XX.XX wptest test .. | CVE-2021-29447 |
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting | # Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting # Date: 27.11.2020 # Exploit Author: b3kc4t (Mustafa GUNDOGDU) # Vendor Homepage: https://www.myeventon.com/ # Version: 3.0.5 # Tested on: Ubuntu 18.04 # CVE : 2020-29395 # Description Link: https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS """ ~ VULNERABILITY DETAILS ~ https://target/addons/?q=<svg/onload=alert(/b3kc4t/)> # WordPress sites that use | CVE-2020-29395 |
Zeroshell 3 | Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. | CVE-2019-12725 |
Last updated: December 4, 2024 |