ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.
accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277bTransport Management System version 1.0 suffers from an arbitrary file upload vulnerability.
1cd66e393ca7966dfbaac0ad1a1b3a444b9752a015b512e8517095c91f4717e2Simple Music Management System version 1.0 suffers from an arbitrary file upload vulnerability.
199208c90ef7b0a9bafb453966c1c18290282b16dd26a3535aa7d2869e44e262Printing Business Records Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8751b24fbc8f067b192e862d9c15c970e7302c26f87c9d0cc2333260c476a884Online Eyewear Shop version 1.0 suffers from an arbitrary file upload vulnerability.
1f14cfc963330f0a01f9c4aced1f7de282ae44271edc1a4cd158e539df7c983eEvent Management System version 1.0 suffers from an arbitrary file upload vulnerability.
131043ebb9ab67fd7a914885356e55ba6ab7a264cc269b23797acfbc70234823Student Enrollment version 1.0 suffers from an arbitrary file upload vulnerability.
49cc50e326b3fd62447d476f81a9de0cba690a49f3f4ee75a6bc4a78f3795d14Rupee Invoice System version 1.0 suffers from an arbitrary file upload vulnerability.
6fb3380fdbd9dc68d4cb8441ac475f25ac1ecd1029d07f228a330be33ec7258cOnline Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.
25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9dOnline Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.
cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.
0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2eTravel Management System Project version 1.0 suffers from an arbitrary file upload vulnerability.
759d3158646088d395fadb366a34f4e08fcbf04963fd9527824e9428498ffc2bOnline Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbdOnline Notice Board System version 1.0 suffers from an arbitrary file upload vulnerability.
ab3ddd76fa0a76019b10579096221df8438dc75c5be821cc1ebffb0b0e85e47bOnline Bus Ticket Booking Website version 1.0 suffers from an arbitrary file upload vulnerability.
d02b982816fa96d983d448b4dac321ae5fc15af8c9aaf37b74b02f7189a5feb4Expense Management System version 1.0 suffers from an arbitrary file upload vulnerability.
66dcc2bef5476bdd41cb8a565bbbb520bf475144f6f9a701f2b3796408386473Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.
0b11185c3ea1add14d0fab396e3abc79b89450ee26fe1d4c4eb27856f33193eaThis Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.
1ac1abe713bae44f313173560ae4b2399dcbac5f41ce3ca8ddd25b5daa57b3ffCrime Complaints Reporting Management System version 1.0 suffers from an arbitrary file upload vulnerability.
3cc5618e76f72a62cd86bf2b3fd5f9a047a06734d88af32677fe76edb0e529b0Student Attendance Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8301589003c010f20ac529eb42cbb71ab3534415a910f9e4049f5a4439af953dOnline Travel Agency System version 1.0 suffers from an arbitrary file upload vulnerability.
5d679af79681b3230bebbb01358d179220b220e1d69d8bcf6fa3c2dfc830be0fHostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.
27f8218a09b1dbd02541ebb3a01b906007cc837ea1498cdeb2bc7e08eaf27619This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work MediaWiki must be configured to accept upload of SVG files. If anonymous uploads are allowed the username and password arent required, otherwise they are. This Metasploit module has been tested successfully on MediaWiki 1.19.4, 1.20.3 on Ubuntu 10.04 and Ubuntu 12.10. Older versions were also tested but do not seem to be vulnerable to this vulnerability. The following MediaWiki requirements must be met: File upload must be enabled, $wgFileExtensions[] must include svg, $wgSVGConverter must be set to something other than false.
71615d7c455fb2156a5414c500e8bff8843420ced30f06fff70abbf96f287ac8When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
f20ed46e990bc49e51e4df52537ec564d571907ef6c1bab6631f3044e0db35c8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed