This module uses an unauthenticated remote PHP file upload vulnerability in the File Manager (wp-file-manager) plugin for WordPress to upload and execute a PHP agent file, gaining arbitrary code execution on the affected system.
Open-AudIT is vulnerable to an authenticated PHP file upload, allowing attackers to execute arbitrary PHP code on the system.
This module uses an arbitrary file upload vulnerability, an authentication bypass (which depends on the target version) and an information disclosure vulnerability to upload and execute a WAR file in the Tomcat webapps folder. Since the Apache Tomcat server runs as the root user (SYSTEM on Windows targets), the deployed agent will run with the same privileges.
The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code on the system.
The TarArchive class blindly extracts tar archives without checking for directory traversals. An attacker can leverage this vulnerability to execute code on the system.
D-Link Central WiFiManager FTP Server is vulnerable to an unauthenticated PHP remote file inclusion, allowing attackers to execute arbitrary PHP code on the system.
CMS Made Simple is vulnerable to an authenticated PHP command injection, allowing attackers to execute arbitrary PHP code on the system.
Advantech WebAccess Node is vulnerable to an unauthenticated remote file inclusion, allowing attackers to execute arbitrary code on the system.
CMS Made Simple is vulnerable to an authenticated PHP remote file inclusion, allowing attackers to execute arbitrary PHP code on the system.
PhpCollab is vulnerable to an unauthenticated PHP remote file inclusion, allowing attackers to execute arbitrary PHP code on the system.