Web Application Firewall

Umbraco CMS 8.5.3 allows an authenticated file upload

[vc_row][vc_column][vc_column_text]

Overview :

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated FileUpload PoC

Attack Type: File Upload

Product Version: 8.5.3

OWASP Category: Unrestricted File Upload

Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering

Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality

Technical Description: See CVE-2020-9472.pdf

Exploit: See exploit_local.py

Vulnerability Details :

CVE ID :

CVE-2020-9472

Reference Order

References are typically listed in the order below:

Initial announcement
Response team advisory
Vendor acknowledgement/advisory
All other public sources

[/vc_column_text][/vc_column][/vc_row]

CVE-2022-29183 : Reflected XSS Possible Via Pipeline Comparisons

CVE-2022-26134 : Confluence Pre-Auth Remote Code Execution Via OGNL Injection

CVE-2022-31813 : Apache HTTP Server: mod_proxy X-Forwarded-For Dropped By Hop-by-hop Mechanism

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

CVE-2023-33965 : BROOK PRIOR 20230606 TPROXY SERVER OS COMMAND INJECTION

June 2, 2023 No Comments

Description Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker

What Is Denial Of Service Attack? What Are The Different Types Of Denial Of Service Attacks?