Western Digital MyCloud multi_uploadify File Upload

Western Digital MyCloud multi_uploadify File Upload

This Metasploit module exploits a file upload vulnerability found in Western Digital’s MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device’s file system. This allows an attacker the ability to upload a PHP […]

The post Western Digital MyCloud multi_uploadify File Upload appeared first on MondoUnix.

WordPress WP Mobile Detector 3.5 Shell Upload

WordPress WP Mobile Detector 3.5 Shell Upload

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible […]

The post WordPress WP Mobile Detector 3.5 Shell Upload appeared first on MondoUnix.

DlxSpot Shell Upload

DlxSpot Shell Upload

DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
Source: DlxSpot Shell Upload
The post DlxSpot Shell Upload appeared first on MondoUnix.