Code execution vulnerability in CLTPHP version 5.5.2
CLTPHP is a content management system developed on ThinkPHP5 with the Layui framework in the backend. A code execution vulnerability exists in CLTPHP version 5.5.2, where an attacker can log in to the frontend and upload a Trojan horse file in the avatar upload area to gain control of the web...
Arbitrary File Upload Vulnerability in UCMS
UCMS is a simple open source content management system. UCMS has an arbitrary file upload vulnerability that allows an attacker to log in to the backend and upload arbitrary files to gain control of the web server...
NiuShop open source mall system V1.22 file upload vulnerability
The NiuShop open source mall system is a PHP open source e-commerce system designed and developed independently by Shanxi Niu Cool Information Technology Co., Ltd. A file upload vulnerability exists in NiuShop open source mall system V1.22; attackers can upload Trojan horse files ...
File Upload Vulnerability in Longcai MX
Longcai MX is a marketing website that caters to consumer needs and buying desires. A file upload vulnerability exists in Longcai MX, where an attacker can construct an upload form to upload a file and, at the same time, capture packets to modify the file suffix to further gain control of the web serv...
QYKCMS upfile.php page has an arbitrary file upload vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySQL, developed by QYK. An arbitrary file upload vulnerability exists in the QYKCMS upfile.php page. It allows attackers to exploit the vulnerability by uploading a script Trojan horse, thus controlling the server privileges...
Code Execution Vulnerability in Rice CMS v5.5.3
DAMI CMS is a free, open source, fast and simple integrated system for PC sites and cell phone sites, committed to providing users with simple, fast PC site and smartphone site solutions. A code execution vulnerability exists in version V5.5.3 2017-04-15 of DAMI CMS, which can b...
File Upload Vulnerability in UKCMS v1.1.0
UKCMS is a simple, flexible and open source web content management system based on PHP7 and MySQL technology. A file upload vulnerability exists in UKCMS v1.1.0 because the system does not strictly filter the file upload type. Attackers can use this vulnerability to upload...
Code Execution Vulnerability in YzmCMS_v3.6
YzmCMS is a lightweight and open source content management system based on a PHP+MySQL architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. A code execution vulnerability exists in YzmCMS v3.6. It allows attackers to exploit the vulnerability to execute script code and obtain...
Code Execution Vulnerability in DouPHP V1.3
DouPHP is a lightweight enterprise website management system based on a PHP+MySQL architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. A code execution vulnerability exists in DouPHP V1.3. It allows attackers to exploit the vulnerability to write a webshell, execute arbitrary cod...
Code Execution Vulnerability in Pagoda Panel for Windows
Pagoda Panel is an easy-to-use, full-featured and free-for-life server management software that supports Linux and Windows. A code execution vulnerability exists in Pagoda Panel for Windows, caused by the program failing to validate the values passed by the user, which can be exploit...
Multiple File Upload Vulnerabilities in CLTPHP Content Management System
CLTPHP is a content management system developed on ThinkPHP5 with the Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allow attackers to log in to the backend and upload webshells to gain control of the...
Mail.ru: XSS on account.mail.ru/login
Vulnerability on the page https://account.mail.ru/login and preparation of files for the attack --------------------- During the research I noticed that the value of the v parameter is not validated on the page https://account.mail.ru/login. The value is output on the page as is and is used in the path to the script...
MyBB 1.8.13 - Cross-Site Scripting
Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...
Important vulnerability early warning: multiple heap buffer overflow vulnerabilities in the Windows DNS client - vulnerability warning - the black bar safety net
In October 2017 Microsoft officially fixed the vulnerability CVE-2017-11779, which comprises multiple memory corruption vulnerabilities in the Windows DNS client. Computers running Windows 8/Server 2012 and later versions of the OS will be affected by this...
Arbitrary Code Execution Vulnerability in Ocean CMS
Ocean CMS is a film and television CMS program written in php. Ocean CMS has an arbitrary code execution vulnerability that can be exploited by attackers to gain control of the server...
Spoofing
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
WordPress updraftplus plugin has a file upload vulnerability
WordPress updraftplus is a plugin that assists WordPress users in backing up their websites by backing up the entire site to the cloud. A file upload vulnerability exists in the WordPress updraftplus plugin. An attacker can exploit this vulnerability to directly upload php files and gain control ...
ThinkPHP Cache Functions Have Design Flaw Vulnerability
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is caused by ThinkPHP serializing cache data and storing it in a php file...
Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function
JEECMS v8.1 is a website group management system that combines PC Internet, mobile Internet and WeChat websites in one. File write, arbitrary file naming and arbitrary file creation vulnerabilities exist in the JeeCMS v8.1 template management function. An attacker can exploit the...
Code Execution Vulnerability in Micro OA365 WeChat Office System
Micro OA365 is a simple, easy to use, free, microsoft mobile office software. A code execution vulnerability exists in Micro OA365 WeChat Office. An attacker can exploit the vulnerability to gain control of the web server...