21 matches found
EUVD-2017-8074
Malware in sbrugna...
EUVD-2017-8073
Malware in sbrugna...
Lvyecms has an arbitrary file read vulnerability
Lvyecms Brigade CMS is a PHP content management system developed on ThinkPHP 3.2.x. Lvyecms has an arbitrary file read vulnerability. An attacker can exploit the vulnerability to read server files...
Code Execution Vulnerability in LvyeCms Version v3.1
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. A code execution vulnerability exists in LvyeCms v3.1, which is caused by the system failing to adequately filter input parameters and values in cached files. An attacker can exploit this vulnerability to upload a Trojan horse fi...
LvyeCms v3.1 has an arbitrary file write vulnerability
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. An arbitrary file write vulnerability exists in LvyeCms v3.1 because the system fails to fully filter the incoming file content and path parameters. An attacker can use this vulnerability to upload Trojan...
LvyeCms v3.1 has an arbitrary file creation vulnerability
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. An arbitrary file creation vulnerability exists in LvyeCms v3.1 because the system fails to fully filter the incoming file content and path parameters. An attacker can use this vulnerability to upload Troja...
LvyeCMS Code Execution Vulnerability
LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...
Code execution vulnerability in LvyeCMS StyeController.class.php page
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. A code execution vulnerability exists in the LvyeCMS StyeController.class.php page. An attacker can upload and execute arbitrary PHP code via a directory traversal sequence...
Directory traversal
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
CVE-2017-16903
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
CVE-2017-16903
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
Cross site scripting
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
CVE-2017-16903
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
CVE-2017-16904
The CVE concerns LvyeCMS (admin.php, Public tologin) up to version 3.1 where a crafted username enables cross-site scripting. The underlying cause is mishandling of the username during admin log viewing, allowing an attacker to inject Web script/HTML that is executed in an administrator’s view. S...
CVE-2017-16903
Vulnerability summary: LvyeCMS up to version 3.1 is susceptible to remote code execution via directory traversal in the dir parameter combined with inline PHP in the content parameter during a template Style add request to index.php. This yields arbitrary PHP code execution on affected servers. T...
LvyeCms CustompageController.class.php file has a logical design flaw
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. A logical design vulnerability exists in the LvyeCms CustompageController.class.php file. An attacker can exploit the vulnerability to write, modify, or delete any file in the system...
Cross-Site Scripting Vulnerability in LvyeCMS
LvyeCms 旅烨cms is a PHP content management system based on ThinkPHP. A cross-site scripting vulnerability exists in LvyeCMS. The vulnerability stems from the system not strictly filtering the backend parameters. An attacker can obtain super admin login privileges by constructing a specially crafte...