Unauthorized operation vulnerability in '/cases/adminu/modifyinfo.php' in biweb version V5.86

BIWEB Business Intelligence Website System is a website system relying on ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. is a rapid development, simple and easy to use object-oriented enterprise...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

Exploit for jsp platform in category web applications ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation

i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

VideoIQ Camera Remote File Disclosure

"cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Connection:...

VideoIQ Camera - Local File Disclosure

"cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Connection:...

PHP Real Estate Script 3 - Arbitrary File Disclosure

PHP Real Estate Script 3 - Arbitrary File Disclosure Exploit Title: php Real Estate Script Arbitrary File Disclosure Date: 2016-07-08 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.realestatescript.eu/ Version: v.3 Download Link :...

phpMyAdmin directory traversal vulnerability (CNVD-2016-04566)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A directory traversal vulnerability exists in the...

Shanghai Zhuo fan cms government service center/index/downLoadFile. action download vulnerability

http://xxx.com/index/downLoadFile.action?fileName=web.xml&filePath=WEB-INF/web.xml...

Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)

A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo Rebolini - Valid credentials are required !. Most of...

LMCMS Backend Arbitrary File Deletion Vulnerability

LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system management background full media library column under the file management provided in th...

LMCMS background arbitrary file download vulnerability

LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

TRS WCM 文件路径处理不当导致任意文件上传

No description provided by source...

CVE-2015-8620

Heap-based buffer overflow in the Avast virtualization driver aswSnx.sys in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request...

Heap overflow

Heap-based buffer overflow in the Avast virtualization driver aswSnx.sys in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request...

Apache Jetspeed - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...