eGroupWare 1.14 is vulnerable to Remote Command Execution. An attacker can send a specially crafted request to the spellchecker.php script, located in the fck_spellerpages/spellerpages/server-scripts/ directory, in order to execute arbitrary commands on the vulnerable system.
The pfSense firewall is vulnerable to RCE chained with CSRF because it uses the `csrf magic` library, which allows the CSRF token values submitted with form requests to be tampered with. An attacker can exploit this vulnerability by crafting a malicious page containing attacker-controlled input such as a 'reverse shell' and enticing victims to click on the crafted link via social engineering methods. Once the victim clicks on the link, the attacker can take lateral control of the victim's machine, and malicious actions can be performed on the victim's behalf.
Socket.io-file is vulnerable to improper input validation in the file upload functionality. An attacker can exploit this vulnerability to upload arbitrary files to the server.
F5 Big-IP 13.1.3 Build 0.0.6 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to read sensitive files from the server. This vulnerability is due to improper validation of user-supplied input by the affected software. An attacker can exploit this vulnerability by sending a specially crafted request to the affected software.
An authenticated user is allowed to upload .exe and .shtml files to the file upload directory in Webtareas 2.1 and 2.1p. This vulnerability can be exploited by sending a POST request with the malicious file to the addfile.php page.
The Koken CMS upload restrictions are based on a list of allowed file extensions (whitelist), which facilitates bypass through the handling of the HTTP request via Burp. Steps to exploit: 1. Create a malicious PHP file with this content: <?php system($_GET['cmd']);?> 2. Save it as 'image.php.jpg'. 3. While authenticated, go to the Koken CMS Dashboard, upload your file with the 'Import Content' button (Library panel) and send the HTTP request to Burp. 4. In Burp, rename your file to 'image.php'.
This exploit allows an attacker to gain access to the webshell of the Online Course Registration 1.0 application. The exploit is based on a similar authentication bypass on the admin page, which was discovered by BKpatron. The attacker can then use the webshell to execute arbitrary commands on the server.
LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.
Bludit 3.9.2 is vulnerable to a directory traversal vulnerability. An attacker can exploit this vulnerability to upload arbitrary files to the web server, which can lead to remote code execution. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'dir' parameter of the 'upload-images' AJAX request. An attacker can exploit this vulnerability by sending a specially crafted AJAX request with a malicious file to the vulnerable application. Successful exploitation of this vulnerability can result in remote code execution.
An attacker can bypass the login page and access the dashboard page by sending a POST request with the email and password parameters set to '=''or'