CVE-2014-8516

CRITICAL

Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-8516. PoCs published by Metasploit, sghctoma, juan vazquez, including Metasploit module exploits/multi/http/visual_mining_netcharts_upload.

AI-analyzed exploit summary This Metasploit module exploits CVE-2014-8516 in Visual Mining NetCharts Server by uploading a malicious JSP file via an authenticated file upload vulnerability, leading to remote code execution.

Description

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotejava
https://www.exploit-db.com/exploits/35211

This Metasploit module exploits CVE-2014-8516 in Visual Mining NetCharts Server by uploading a malicious JSP file via an authenticated file upload vulnerability, leading to remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Visual Mining NetCharts Server 7.0
Auth required
Prerequisites: Network access to the target · Valid credentials (default 'Scheduler' or admin)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by sghctoma, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/visual_mining_netcharts_upload.rb

This Metasploit module exploits an arbitrary JSP upload vulnerability in Visual Mining NetCharts Server 7.0. It leverages a hidden 'Scheduler' user with default credentials to authenticate and upload a malicious JSP payload, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Visual Mining NetCharts Server 7.0
Auth required
Prerequisites: Network access to the target server · Valid credentials (default 'Scheduler' user or admin credentials)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-372/
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/70895
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/98475
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/129023

Scores

CVSS v3 9.8
EPSS 0.8270
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
cloudfastpath/netcharts_server
Published Jan 03, 2020
Tracked Since Feb 18, 2026