FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

File Sharing and Chat version 1.0 for iOS suffers from a denial of service vulnerability.

School ERP Pro version 1.0 suffers from an arbitrary file read vulnerability.

GitLab version 12.9.0 suffers from an arbitrary file read vulnerability.

i-doit Open Source CMDB version 1.14.1 suffers from an arbitrary file deletion vulnerability.

MPC Sharj version 3.11.1 suffers from an arbitrary file download vulnerability.

webTareas version 2.0.p8 suffers from an arbitrary file deletion vulnerability.

Lotus Core CMS version 1.0.1 suffers from a local file inclusion vulnerability.

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

Apache Tomcat AJP Ghostcat file read and inclusion exploit.

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.

Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

DotNetNuke CMS version 9.5.0 suffers from file extension check bypass vulnerability that allows for arbitrary file upload.

File Explorer for iOS version 1.4 suffers from an access bypass vulnerability.

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

WordPress Media Library Assistant plugin version 2.81 suffers from a local file inclusion vulnerability.

QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.

BoltWire version 6.03 suffers from a local file inclusion vulnerability.

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:SoftwareClassesexefileshellopencommand), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.

SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.