Lucene search
K

573 matches found

CVE
CVE
added 2019/07/18 5:23 p.m.100 views

CVE-2019-13956

Discuz!ML versions 3.2–3.4 are affected by a code-injection vulnerability in the language cookie. The root cause is improper handling of the language cookie value, allowing remote attackers to inject and execute arbitrary PHP code (for example via language=en'.phpinfo().');, enabling remote code ...

9.8CVSS9.7AI score0.04572EPSS
Exploits3References1Affected Software1
myhack58
myhack58
added 2019/07/11 12:0 a.m.144 views

Discuz! ML arbitrary code execution vulnerability alerts-a vulnerability alert-the black bar safety net

2019 Year 7 month 11 days, the network appeared on a Discuz it! ML remote code execution vulnerability PoC, through Sangfor security researcher to verify the analysis found, the attacker can use the vulnerability in the request flow of the cookie field in the language parameter to insert arbitrar...

0.9AI score
Exploits0
CNVD
CNVD
added 2019/07/11 12:0 a.m.4 views

Discuz!ML 3.x Arbitrary Code Execution Vulnerability

Discuz!ML is a multilingual open source community system based on the Discuz!X engine. An arbitrary code execution vulnerability exists in Discuz!ML 3.x, which can be exploited by attackers to execute arbitrary code...

8.2AI score
Exploits0References1
Vulnerability Lab
Vulnerability Lab
added 2019/07/08 12:0 a.m.850 views

Discuz!ML v3.x - Code Injection Vulnerability

Document Title: =============== Discuz!ML v3.x - Code Injection Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2185 Download: https://www.vulnerability-lab.com/resources/documents/2185.rar http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13956...

7.5CVSS0.3AI score0.04572EPSS
Exploits3
Vulnerability Lab
Vulnerability Lab
added 2019/07/07 12:0 a.m.86 views

Discuz!ML v3.x - Code Injection Vulnerability

Document Title: =============== Discuz!ML v3.x - Code Injection Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2185 Download: https://www.vulnerability-lab.com/resources/documents/2185.rar http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13956...

9.8CVSS9.7AI score0.04572EPSS
Exploits3
Prion
Prion
added 2019/05/22 6:29 p.m.28 views

Design/Logic Flaw

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

9CVSS8.9AI score0.10615EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/05/22 6:29 p.m.6 views

CVE-2018-14729

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

8.8CVSS6AI score0.10615EPSS
Exploits1References4
NVD
NVD
added 2019/05/22 6:29 p.m.19 views

CVE-2018-14729

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

9CVSS9AI score0.10615EPSS
Exploits1References4
Cvelist
Cvelist
added 2019/05/22 5:54 p.m.21 views

CVE-2018-14729

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

9AI score0.10615EPSS
Exploits1References4
CVE
CVE
added 2019/05/22 5:54 p.m.57 views

CVE-2018-14729

The CVE-2018-14729 entry affects Discuz! versions 2.5 and 3.4, where the database backup feature in upload/source/admincp/admincp_db.php enables remote attackers to execute arbitrary PHP code. The Red Hat, NVD, CVE list, and CNVD records confirm this backend command execution risk originates from...

9CVSS8.9AI score0.10615EPSS
Exploits1References4Affected Software1
Gitee
Gitee
added 2019/05/06 9:43 a.m.8 views

Exploit for CVE-2013-0422

K8tools 20190428 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...

10CVSS9.1AI score0.99448EPSS
Exploits97
Gitee
Gitee
added 2019/04/08 9:33 a.m.6 views

Exploit for CVE-2013-0422

K8tools 20190403 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools 密码: k8gege k8team K8team PS: 不定期更新,文件比较大,可按需下载。 提权工具均可在远控cmd或WebShell下运行,大部份经过修改重新编译兼容性稳定性比网上要好 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt K8飞刀漏洞利用列表...

10CVSS9.1AI score0.99448EPSS
Exploits97
CNVD
CNVD
added 2019/04/02 12:0 a.m.2 views

Discuz Forum System MagaCMS Online Newspaper Reader Plugin has SQL Injection Vulnerability

Discuz! is an online forum system. A SQL injection vulnerability exists in the MagaCMS Online Newspaper Reader plugin for Discuz forum system, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2019/02/19 12:0 a.m.2 views

Discuz Frontend Override Login Vulnerability

Discuz is a general purpose community forum software system. There exists an override login vulnerability in the frontend of Discuz. The vulnerability is due to the administrator login background need account password, the vulnerability will not affect the background, the attacker may log in any...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2018/12/26 12:0 a.m.3 views

Discuz! DiscuzX Authentication Bypass Vulnerability

Discuz! DiscuzX is an online forum system. An authentication bypass vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to bypass authentication and gain access to an account with the help of a non-empty wechatcommonmemberwechatmp when wechat login is...

8.1CVSS7.3AI score0.01291EPSS
Exploits1References1
CVE
CVE
added 2018/12/24 4:0 a.m.55 views

CVE-2018-20422

CVE-2018-20422 affects Discuz! DiscuzX 3.4 when WeChat login is enabled, enabling remote authentication bypass by exploiting a non-empty #wechat#common_member_wechatmp via plugin.php ac=wxregister; attacker does not control target account. This is described across NVD/CNVD records with consistent...

8.1CVSS8.3AI score0.01291EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/24 4:0 a.m.40 views

CVE-2018-20423

CVE-2018-20423 affects Discuz! DiscuzX 3.4 when WeChat login is enabled. A logic flaw in plugin.php ac=wxregister allows remote attackers to bypass the “disabled registration” setting by supplying a non-existent wxopenid value, enabling unauthorized registrations. Exploitation details are not pro...

8.1CVSS8AI score0.0118EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/24 4:0 a.m.52 views

CVE-2018-20424

Discuz! DiscuzX 3.4 is vulnerable when WeChat login is enabled: a remote attacker can delete the common_member_wechatmp data structure by sending ac=unbindmp to plugin.php. This is documented in CVE-2018-20424 and CNVD-2018-26767, noting a remote deletion Impact. The provided sources do not inclu...

5.9CVSS5.8AI score0.00903EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/24 4:0 a.m.22 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.4AI score0.01291EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/11 12:0 a.m.4 views

Access control error vulnerability in discuz v3.2

Discuz! is a very popular Web forum program in the Chinese community. An access control error vulnerability exists in discuz v3.2. An attacker can exploit this vulnerability to compromise the confidentiality and availability of the program...

8.1CVSS6.8AI score0.01291EPSS
Exploits3
Rows per page
Query Builder