-
PHP Files ≈ Packet Storm
Nov 1, 2024 | 15:08 pm
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By[…]
-
Nov 1, 2024 | 14:54 pm
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
-
Oct 30, 2024 | 15:34 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication,[…]
-
Oct 30, 2024 | 15:32 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to[…]
-
Oct 30, 2024 | 15:31 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php[…]
-
Oct 30, 2024 | 15:28 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to[…]
-
Oct 30, 2024 | 15:26 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying[…]
-
Oct 30, 2024 | 15:25 pm
ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple[…]
-
Oct 24, 2024 | 13:31 pm
A cross-site scripting vulnerability in pfSense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
-
Oct 22, 2024 | 15:49 pm
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
-
Oct 21, 2024 | 12:40 pm
Helper is an enumerator written in PHP that helps identify directories on web servers that could be targets for things like cross-site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
-
Oct 18, 2024 | 14:25 pm
This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP[…]
-
Oct 18, 2024 | 14:22 pm
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.
-
Oct 17, 2024 | 13:46 pm
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or[…]
-
Oct 16, 2024 | 14:31 pm
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.
-
Oct 15, 2024 | 14:19 pm
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script.
-
Oct 14, 2024 | 13:35 pm
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script.
-
Oct 11, 2024 | 15:13 pm
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.
-
Oct 11, 2024 | 15:12 pm
ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the[…]
-
Oct 11, 2024 | 15:05 pm
SolarView Compact version 6.00 suffers from a PHP code injection vulnerability.
-
Oct 11, 2024 | 15:00 pm
MagnusBilling version 6.x suffers from a PHP code injection vulnerability.
-
Oct 11, 2024 | 14:54 pm
Gibbon School Platform version 26.0.00 suffers from a PHP code injection vulnerability.
-
Oct 11, 2024 | 14:52 pm
Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.
-
Oct 11, 2024 | 14:48 pm
Chamilo version 1.11.18 suffers from a PHP code injection vulnerability.
-
Oct 10, 2024 | 14:18 pm
ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may[…]