CVE-2015-1587
published 2015-02-19CVE-2015-1587: Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute…
PriorityP268high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
44.19%
98.6th percentile
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maarch | gec_ged | <= 1.4 | — |
| maarch | letterbox | <= 2.8 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated POST requests to file_to_index.php containing multipart/form-data with a PHP file extension in the uploaded filename. ↗
- →Alert on HTTP GET requests to predictable paths under tmp/ with a .php extension, indicating post-upload webshell access. ↗
- →Use the Google dork 'intext:"Maarch Maerys Archive v2.1 logo"' to identify exposed Maarch instances on the internet. ↗
- →The exploit uses Content-Type: multipart/form-data with a custom boundary; inspect HTTP traffic for POST requests to file_to_index.php with this content type from unauthenticated sessions. ↗
- ·The uploaded PHP webshell is placed in a predictable path under tmp/, meaning the filename can be guessed or brute-forced by an attacker without any session or authentication requirement. ↗
- ·Affects both Maarch LetterBox 2.8 and earlier AND GEC/GED 1.4 and earlier — detection rules should account for both product deployments. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gf79-62cr-g4pm: Unrestricted file upload vulnerability in file_to_index
ghsa_unreviewed·2022-05-17
CVE-2015-1587 [HIGH] GHSA-gf79-62cr-g4pm: Unrestricted file upload vulnerability in file_to_index
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
Red Hat
kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
vendor_redhat·2024-07-12·CVSS 5.5
CVE-2024-40975 [MEDIUM] CWE-911 kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: x86-android-tablets: Unregister devices in reverse order
Not all subsystems support a device getting removed while there are
still consumers of the device with a reference to the device.
One example of this is the regulator subsystem. If a regulator gets
unregistered while there are still drivers holding a reference
a WARN() at drivers/regulator/core.c:5829 triggers, e.g.:
WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister
Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015
RIP: 0010:regulator_unregister
Call Trace:
No detection rules found.
Exploit-DB
MAARCH 1.4 - Arbitrary File Upload
exploitdb·2014-10-29
CVE-2015-1587 MAARCH 1.4 - Arbitrary File Upload
MAARCH 1.4 - Arbitrary File Upload
---
/******************************************************
# Exploit Title: Maarch 1.4 Arbitrary file upload
# Google Dork: intext:"Maarch Maerys Archive v2.1 logo"
# Date: 29/10/2014
# Exploit Author: Adrien Thierry
# Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html
# Vendor Homepage: http://maarch.org
# Software Link: http://downloads.sourceforge.net/project/maarch/Maarch%20Entreprise/Maarch-1.4.zip
# Version: Maarch GEC array(
'method' => 'POST',
'header' => 'Content-Type: multipart/form-data; boundary='.$boundary,
'content' => $data
));
$ctx = stream_context_create($params);
$fp = fopen($url, 'rb', false, $ctx);
if (!$fp)
{
throw new Exception("Erreur !");
}
$response = @stream_get_contents($fp
Metasploit
Maarch LetterBox Unrestricted File Upload
metasploit
Maarch LetterBox Unrestricted File Upload
Maarch LetterBox Unrestricted File Upload
This module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the file_to_index.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
No writeups or analysis indexed.
http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.htmlhttp://osvdb.org/show/osvdb/113928http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.htmlhttp://www.exploit-db.com/exploits/35113http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.htmlhttp://osvdb.org/show/osvdb/113928http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.htmlhttp://www.exploit-db.com/exploits/35113
2015-02-19
Published