138 matches found
CVE-2019-15012
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...
Remote code execution
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...
MiniCMS Cross-Site Scripting Vulnerability (CNVD-2019-23979)
MiniCMS is a content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in the mc-admin/post-edit.php file in MiniCMS version 1.10. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can...
DirectAdmin 1.561 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 email protected && infinitumit.com.tr Description: Multipl...
Gitea < 1.6.3 Improper Access Control Vulnerability
Gitea is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitea:gitea"; if...
CVE-2019-1000002
Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...
Improper access control
Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...
Budabot 4.0 Denial Of Service
4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified...
CVE-2016-10732
ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...
Z-BlogPHP Arbitrary PHP Code Execution Vulnerability
Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...
LabWiki Arbitrary PHP File Upload Vulnerability
LabWiki is a meme plugin. A security vulnerability exists in the edit.php file in LabWiki 1.1 and earlier versions, which stems from the program failing to properly validate uploaded user files. A remote attacker can exploit this vulnerability to upload arbitrary PHP files...
TYPO3 CMS Edit File Metadata Access Bypass Vulnerability
TYPO3 is a free and open source content management system. A security vulnerability in the TYPO3 CMS edit file metadata allows remote attackers to bypass security restrictions and perform unauthorized operations...
autositephp 2.0.3 (lfi/csrf/edit file) Multiple Vulnerabilities
No description provided by source. + AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local...
iOS myDBLite 1.1.10 - Directory Traversal
iOS myDBLite 1.1.10 - Directory Traversal Exploit Title : myDBLite v1.1.10 for iPhone / iPod touch, Directory Traversal Date: 02/24/2011 Author: R3d@l3rt, Sp@2K, Sp@2K, Sunlight, H@ckk3y Software Link: http://itunes.apple.com/kr/app/mydb-lite/id335521112?mt=8 Version: 1.1.10 Tested on: iPhone, iP...
Directory traversal
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the editfile parameter...
AutositePHP 2.0.3 (LFI/CSRF/Edit File) Multiple Remote Vulnerabilities
No description provided by source. + AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local...
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local File Example 1 :...
SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability
No description provided by source. Title : simpleblog = v 2.3 /admin/edit.asp Remote SQL Injection Vulnerability Author : bolivar Dork : "SimpleBlog 2.3 by 8pixel.net" ---------------------------------------------------------------------------...