289 matches found
CVE-2019-15995
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicio...
xHelper Malware for Android
xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It's not interesting because of its payload; it seems to do nothing more than show unwanted ads. it's interesting because of its persistence: Furthermore, even if users spot the xHelper...
Code Execution Vulnerability in MacCMS
MacCMS is a cms website builder system. A code execution vulnerability exists in MacCMS. An attacker can exploit the vulnerability to delete arbitrary files and cause system reinstallation. When reinstalling the software, malicious code is constructed to insert into the configuration file to gain...
Reinstallation Vulnerability in S-CMS Enterprise Website Builder System
S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. There is a reinstallation vulnerability in S-CMS, which can be exploited by attackers to reinstall the system...
Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4524102)
Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 KB4524102 Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft...
Arbitrary Deletion Vulnerability in HongCMS v4.0 uc_a***.php File
HongCMS is an open source lightweight content management system CMS. HongCMS v4.0 uca.php file contains an arbitrary deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files, resulting in a system reinstallation...
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...
CVE-2019-16655
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...
Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4516554)
Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 KB4516554 Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 This update is included in the Preview of Quality Rollup that's...
Remote code execution
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2...
Code execution vulnerability in indexhibits CMS
Indexhibit is a pioneering CMS web application created in 2006 for creating websites in an established index + exhibit format. A code execution vulnerability exists in indexhibits CMS, which can be exploited by an attacker to reinstall the web system and enter a backend getshell to gain server...
Arbitrary File Deletion Vulnerability in Xianqi Kindergarten Online Management System
Shanxi Xianqi Technology Co., Ltd. is a high-tech enterprise integrating research and development, production, sales and service of hardware and software. The first kindergarten online management system there are arbitrary file deletion vulnerability, attackers can use this vulnerability to delet...
Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4512194)
Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4512194 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...
Arbitrary File Deletion Vulnerability in DouPHP
DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. DouPHP has an arbitrary file deletion vulnerability, which can be exploited by attackers to cause system reinstallation...
Command Execution Vulnerability in S-CMS Enterprise Website Building System (CNVD-2019-29886)
S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. A command execution vulnerability exists in the S-CMS enterprise website builder system. Attackers can use the vulnerability to...
DouPHP BLOG Arbitrary File Deletion Vulnerability
DouPHPBLOG1.5 is a lightweight enterprise website management system based on PHP+Mysql architecture, which can run on Linux, Windows, MacOSX, Solaris and other platforms. DouPHPBLOG1.5 suffers from an arbitrary file deletion vulnerability, which can be exploited by attackers to reinstall the...
Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a...
Arbitrary File Deletion Vulnerability in maccms
maccms is a cms website builder. maccms is vulnerable to an arbitrary file deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files, resulting in system reinstallation...
Arbitrary File Deletion Vulnerability in Background File List of WMCMS System
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS system background file list exists arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files, resulting in system reinstallation...
NiuShop B2C Single Merchant Mall System Up***.php file has arbitrary file deletion vulnerability
NiuShop B2C single merchant mall system is a PHP open source e-commerce system designed and developed completely independently by Shanxi NiuKu Information Technology Co. NiuShop B2C single merchant mall system Up.php file arbitrary file deletion vulnerability. Attackers can construct packets sent...