Exploits/Remote File Inclusion/Known Vulnerabilities

Cisco Data Center Network Manager Arbitrary File Upload Vulnerability Exploit

Cisco Data Center Network Manager is vulnerable to an authenticated arbitrary file upload, which allows an attacker to upload a WAR file to the Apache Tomcat webapps directory. The Apache Tomcat webapps directory can be determined using an information disclosure vulnerability. Authentication can be bypassed on versions 10.4(2) and below.

Atlassian Crowd pdkinstall Plugin Install Vulnerability Exploit

The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code in the system.

Cisco Prime Infrastructure Health Monitor UploadServlet Remote JSP File Upload Vulnerability Exploit

The TarArchive class blindly extracts tar archives without checking for directory traversals. An attacker can leverage this vulnerability to execute code in the system.

CMS Made Simple Module Import PHP Remote Command Injection Vulnerability Exploit

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via command injection using the module import feature in admin/moduleinterface.php.

Advantech WebAccess Node certUpdate Directory Traversal Remote Code Execution Vulnerability Exploit

Advantech WebAccess Node is vulnerable to an unauthenticated remote file inclusion, allowing attackers to execute arbitrary code in the system.

D-Link Central WiFiManager FTP Server Default Credentials Remote PHP File Upload Vulnerability Exploit Update

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution. This update fixes vulnerability URLs.

D-Link Central WiFiManager FTP Server Default Credentials Remote PHP File Upload Vulnerability Exploit

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.

CMS Made Simple moduleinterface.php Remote PHP File Upload Vulnerability Exploit

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via file upload using admin/moduleinterface.php.

PhpCollab editclient.php PHP File Upload Remote Code Execution Exploit

PhpCollab is vulnerable to an unauthenticated PHP remote file inclusion, allowing attackers to execute arbitrary PHP code in the system.