LibSSH Flaw Allows Hackers to Take Over Servers Without Password
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security...
EnableQ Online Questionnaire Engine V10 Full Version Code Execution Vulnerability in Frontend
EnableQ online survey engine is a universal online survey management platform developed by Beijing Covey Nengdang Information Technology Co. A code execution vulnerability exists in the frontend of EnableQ Online Survey Engine V10 full version. An attacker can exploit the vulnerability to execute...
Code Execution Vulnerability in Kolon Enterprise CMS v1.7.3
Kelong Enterprise CMS is a content management system launched by Zhangzhou Kelong Weite Electronic Co. A code execution vulnerability exists in KeLong Enterprise CMS v1.7.3, which can be exploited by attackers to gain control of a web server...
File uploading vulnerability in Dreamline Enterprise website building system
Dream line business enterprise station building system is an open source website building system that runs on PHP + MySQL. A file upload vulnerability exists in the Dreamline enterprise website builder system; an attacker can use the vulnerability to upload any file and gain control of the web server...
Command Execution Vulnerability in YIXUNCMS Backend
YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, using the PHP language and a stable MYSQL database. The YIXUNCMS backend has a command execution vulnerability that can be exploited by attackers to insert Trojan horse files to gain...
Code execution vulnerabilities in the PayOrderController page of the ShopsN open source online store full system
The free version of ShopsN B2C e-commerce is a full-featured open source online store system from Shanghai Yisu Network Technology Co., Ltd. that meets enterprise-level commercial standards and genuinely allows free commercial use. ShopsN v2.3.5 official version of the PayOrderController...
Code execution vulnerabilities in the RechargeController page of the ShopsN open source online store full system
The free version of ShopsN B2C e-commerce is a full-featured open source online store system from Shanghai Yisu Network Technology Co., Ltd. that meets enterprise-level commercial standards and genuinely allows free commercial use. ShopsN v2.3.5 official version of the RechargeController...
Code Execution Vulnerabilities in YunYu CMS Enterprise Website Management System v1.1.4 Substation Version
Yunyou CMS enterprise website management system is a professional marketing enterprise website building system built on PHP + MYSQL. CloudUnion CMS Enterprise Website Management System v1.1.4 Substation Edition suffers from a code execution vulnerability, which can be exploited by...
Command Execution Vulnerability in ThinkLC Backend
ThinkLC is a classified information system developed by SaxueCMS. A command execution vulnerability exists in the backend of ThinkLC, which can be exploited by an attacker to upload a Trojan horse file at the upload template in the backend and gain control of the web server...
Code Execution Vulnerability in OURPHP Backend Templates
OURPHP is a W3C standards-compliant website building system based on PHP + MySQL, developed by Harbin Weicheng Technology Co., Ltd. A code execution vulnerability exists in the OURPHP backend templates; attackers can use the vulnerability to obtain control of the web server...
Code Execution Vulnerability in DouPHP
DouPHP is a lightweight enterprise website management system based on a PHP+Mysql architecture that can run on Linux, Windows, MacOSX, Solaris and other platforms. DouPHP has a code execution vulnerability that can be exploited by attackers to gain control of the server...
Unauthorized Access Vulnerability in txjcms v4.0
Skywalker Networks is an Internet integrated service platform provider. An unauthorized access vulnerability exists in txjcms v4.0. An attacker can exploit this vulnerability to gain control of the web server...
SQL Injection Vulnerability in Website Building System of Beijing Dingwei Zhichuang Technology Co.
Beijing Dingwei Zhichuang Technology Co., Ltd. is committed to website construction/revision, mobile websites, WeChat websites, domain name space and other work. There is a SQL injection vulnerability in the website construction system of Beijing Dingwei Zhichuang Technology Co., Ltd. tha...
Multiple JAVA Deserialization Vulnerabilities in UFIDA NC System
UFIDA NC system is a world-class high-end management software for group enterprises. There are multiple JAVA deserialization vulnerabilities in UFIDA NC system, which can be exploited by attackers to remotely execute operating system commands and obtain server control privileges...
Unrestricted file upload
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...
CVE-2018-14911
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...
CVE-2018-14911
UKCMS ≤1.1.7 file upload flaw enables an attacker with admin access to bypass PHP upload restrictions by adding php,php to the upload_file_ext setting and uploading a malicious script via the admin.php/admin/configset/index/group/upload.html page. The root cause is inadequate filtering of the upl...
File Upload Vulnerability in Laoban CMS v2.0
Laoban CMS content management system (referred to as Laoban CMS) is an open source website building system developed by Laoban for the PHP + MYSQL environment. A file upload vulnerability exists in Laoban CMS v2.0. The vulnerability is due to the system not strictly filtering the file upload...
File upload vulnerability in UKcms v1.1.7 and previous versions
UKcms is a simple, flexible and open source web content management system based on PHP7 and mysql technology. A file upload vulnerability exists in UKcms v1.1.7 and previous versions. The vulnerability is due to the system not strictly filtering the file upload type. Attackers can use the vulnerabili...
Code Execution Vulnerability in YUNUCMS v1.1.1
YUNUCMS enterprise website management system is a professional marketing enterprise website building system built on PHP + MYSQL. A code execution vulnerability exists in YUNUCMS v1.1.1. An attacker can exploit the vulnerability to execute arbitrary code and gain...