qinggan phpok 代码问题漏洞

phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. An arbitrary file write vulnerability exists in the editsavef function in framework/admin/tplcontrol.php in phpok version 5.1. An attacker can exploit this vulnerability to wri...

Pet Shop Management System 1.0 Privilege Escalation / Shell Upload

!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...

REINER SCT Reiner TimeCard 信任管理问题漏洞

REINER SCT Reiner TimeCard is a chip card reading device from REINER SCT, Germany, used for access protection in secure online banking devices, terminals for dealers and merchants using girocard payments, and PC workstations. A security vulnerability exists in REINER SCT Reiner TimeCard version...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

Design/Logic Flaw

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36582

Kooboo CMS 2.1.1.0 is affected by a vulnerability that allows uploading a remote shell (aspx) to the server and then triggering it to receive a reverse shell from the victim server. The uploaded file is placed at /Content/Template/root/reverse-shell.aspx and can be invoked by visiting that URL. P...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

Zenitel AlphaCom XE Audio Server 代码问题漏洞

Zenitel AlphaCom XE Audio Server is a hybrid intercom system from Zenitel Norway. The system supports all VINGTOR-STENTOFON IP and analog intercom stations. A security vulnerability exists in Zenitel AlphaCom XE Audio Server that allows remote shell uploads...

Kooboo 代码问题漏洞

Kooboo is a new web development tool capable of developing static pages or complex websites. A security vulnerability exists in Kooboo CMS 2.1.1.0, which stems from the software's lack of effective validation and filtering of user uploaded files. An attacker can upload a remote shell e.g. aspx to...

Pulse Secure Pulse Connect Secure 命令注入漏洞

Pulse Secure Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is an SSL VPN solution from Pulse Secure, Inc. in the United States. A command injection vulnerability exists in Pulse Secure Pulse Connect Secure that stems from the product's failure to filter input data for specia...

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...

Weidmueller Industrial WLAN devices Access Control Error Vulnerability

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

Improper access control

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

CVE-2021-33538 WEIDMUELLER: WLAN devices affected by improper access control vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

Weidmueller Industrial WLAN 安全漏洞

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...