CVE-2008-6367
Published 2009-03-02
CVE-2008-6367: Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a…
Priority P3 · 51 · high · 8.5 CVSS 2.0
AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 3.40% (87.3th percentile)
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.
No detection rules found.
Exploit-DB
Cerberus FTP Server 8.0.10.1 - Denial of Service
exploitdb·2017-03-13·CVSS 7.5
CVE-2017-6367 [HIGH] Cerberus FTP Server 8.0.10.1 - Denial of Service
---
# Exploit Title: Cerberus FTP server – Denial of Service
# Date: 2017-03-13
# Exploit Author: Peter Baris
# Vendor Homepage: https://www.cerberusftp.com/
# Software Link: [download link if available]
# Version: 8.0.10.1
# Tested on: Windows Server 2008 R2 Standard x64, Windows 7 Pro SP1 x64
# CVE : CVE-2017-6367
# 2017-02-27: Vulnerability discovered, Contact to Cerberus Support
# 2017-02-27: Reply received, PoC exploit code sent
# 2017-02-27: Problematic module identified by the vendor, gSOAP
# 2017-03-02: New version 8.0.10.2 released - https://www.cerberusftp.com/products/releasenotes/
# 2017-03-02: gSOAP module update released by the vendor and advisory placed https://www.genivia.com/advisory.html
# 2017-03-02: grace period until
Exploit-DB
Social Groupie - 'create_album.php' Arbitrary File Upload
exploitdb·2008-12-12
CVE-2008-6367 Social Groupie - 'create_album.php' Arbitrary File Upload
---
> Found by : Cyb3r-1sT
> C0ntact : cyb3r-1st [at] hotmail.com
> Groups : InjEctOr5 T3am
+++++++++++++++++++ Script information+++++++++++++++++
> script : Social Groupie
> download : www.socialgroupie.com
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
> D0rk : find it
> Exploit :>>> After u Register in site flow th
No writeups or analysis indexed.
Published: 2009-03-02