
1369 matches found

CNVD
added 2018/07/05 12:00 a.m. | 2 views

Lokomedia CMS Arbitrary File Upload Vulnerability

Lokomedia CMS is a PHP-based content management system. Lokomedia CMS suffers from an arbitrary file upload vulnerability that can be exploited by an attacker to upload arbitrary files and gain control of the server...

AI score: 7.3 | Exploits: 0 | References: 1

CNVD
added 2018/06/21 12:00 a.m. | 1 views

Code execution vulnerability in weiphp 2.0 system backend

WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. A code execution vulnerability exists in the weiphp 2.0 backend, which can be exploited by attackers to execute code and thus gain control of the server...

AI score: 7.9 | Exploits: 0

CNVD
added 2018/06/21 12:00 a.m. | 1 views

Code execution vulnerability in weiphp 2.0 frontend

WeiPHP is an open source WeChat public platform development framework to build a personal WeChat public account operation platform. A code execution vulnerability exists in the weiphp 2.0 frontend platform, which can be exploited by attackers to execute code and thus gain control of the server...

AI score: 7.9 | Exploits: 0

0day.today
added 2018/05/30 12:00 a.m. | 68 views

MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities

Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...

AI score: 0.3 | EPSS: 0.14764 | Exploits: 7

Prion
added 2018/05/09 8:29 a.m. | 17 views

Remote code execution

DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...

CVSS: 10 | AI score: 9.8 | EPSS: 0.08225 | Exploits: 2 | References: 1 | Affected Software: 1

CNVD
added 2018/04/20 12:00 a.m. | 0 views

ucms v1.4.5 Arbitrary File Editing Vulnerability

UCMS is a simple open source content management system. An arbitrary file editing vulnerability exists in ucms v1.4.5: an attacker can edit any script file and directly write a one-line Trojan horse into it to obtain control of the web server...

AI score: 7 | Exploits: 0

Cvelist
added 2018/04/10 7:00 a.m. | 17 views

CVE-2018-9934

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...

AI score: 8.5 | EPSS: 0.01412 | Exploits: 1 | References: 2

The Coalfire Blog
added 2018/03/26 4:24 p.m. | 24 views

A Good Shell Is Hard to Choose

I had the recent opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the...

AI score: 1 | Exploits: 0

Prion
added 2018/03/09 5:29 p.m. | 21 views

Out-of-bounds

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00749 | Exploits: 0 | References: 1 | Affected Software: 6

Cvelist
added 2018/03/09 5:00 p.m. | 28 views

CVE-2017-17199

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323...

AI score: 5.7 | EPSS: 0.00749 | Exploits: 0 | References: 1

CNVD
added 2018/03/06 12:00 a.m. | 1 views

YXCMS has multiple vulnerabilities

Yxcms is an enterprise site-building system based on PHP and MySQL. Yxcms version 1.4.6 has stored XSS, arbitrary file deletion, file write, and SQL injection vulnerabilities; attackers can exploit them to obtain control of the web server...

AI score: 8 | Exploits: 0

CNVD
added 2018/03/02 12:00 a.m. | 2 views

Remote Command Execution Vulnerability in Finecms V5.3.0 Backend

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A remote command execution vulnerability exists in the backend of Finecms V5.3.0, which can be exploited by an attacker to write Trojan scripts to gain control of the server...

AI score: 7.6 | Exploits: 0

OSV
added 2018/02/15 4:29 p.m. | 6 views

CVE-2017-17290

The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01279 | Exploits: 0 | References: 1

CNVD
added 2018/02/15 12:00 a.m. | 1 views

Code execution vulnerability in lyadmin

lyadmin is a lightweight general-purpose admin backend built with ThinkPHP and Bootstrap3, with built-in system settings, upload management, rights management, module management, plug-in management and other functions. lyadmin v1.2.0 has code execution vulnerabilities,...

AI score: 7.8 | Exploits: 0

ICS
added 2018/02/15 12:00 a.m. | 60 views

Nortek Linear eMerge E3 Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...

CVSS: 10 | AI score: 10 | EPSS: 0.04211 | Exploits: 0 | References: 5

CNVD
added 2018/02/13 12:00 a.m. | 1 views

NetEx HyperIP Post-Auth Remote Command Execution Vulnerability

HyperIP is a WAN optimized virtual appliance. Deploying HyperIP enables data replication, backup, recovery and data center migration. HyperIP has a remote command execution vulnerability in its implementation. The principle of this vulnerability is that setting the setval parameter as a malformed...

AI score: 8 | Exploits: 0 | References: 1

CNVD
added 2018/02/12 12:00 a.m. | 1 views

Arbitrary File Editing Vulnerability in UCMS Version 1.2

UCMS is a simple open source content management system. An arbitrary file editing vulnerability exists in UCMS version 1.2: an attacker can edit a non-existent script file and directly write a one-line Trojan horse into it to obtain control of the web server...

AI score: 7 | Exploits: 0

CNVD
added 2018/02/09 12:00 a.m. | 2 views

Arbitrary file upload vulnerability in jeecms version 9.2

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

AI score: 7.1 | Exploits: 0

CNVD
added 2018/02/06 12:00 a.m. | 1 views

Code execution vulnerability in poscms version 3.2.0.1204

POSCMS is an open source cross-platform web content management system developed with PHP+MySQL. POSCMS version 3.2.0.1204 has a code execution vulnerability: site information read from the database is not sufficiently filtered before the program writes it to the cache file, and an attacker can ...

AI score: 7.4 | Exploits: 0

CNVD
added 2018/02/05 12:00 a.m. | 1 views

Code execution vulnerability in ykcms

YKCMS is a novel as the core, drawing on the existing market in the various types of novel program, both collection, thief, storage and other features, developed out of the semi-collection mode novel system. ykcms v4.0.40 version of the existence of code execution vulnerabilities, in the change o...

AI score: 7.8 | Exploits: 0