1369 matches found
The vulnerability of the WS_FTP Server server control module allows attackers to perform cross-site scripting attacks.
The vulnerability of the WS_FTP Server server management module is related to the lack of measures taken to protect the website structure when processing SSL certificate parameters. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2023-4861
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2023-20109
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...
CVE-2023-3664
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...
Code injection
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...
CVE-2023-3664 FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...
Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co. Ltd (CNVD-2023-81307)
Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of Fuji...
Command Execution Vulnerability in Reporter System of Fujian Strait Information Technology Co. Ltd (CNVD-2023-81306)
Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the Reporter system of Fujian Strait Information...
Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co.
Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of Fuji...
FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access
Description: The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. PoC: On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not bein...
Command Execution Vulnerability in JeecgBoot of Beijing Oberweis Technology Co.
JeecgBoot is an enterprise-grade, low-code platform. JeecgBoot has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Sql injection
DISPUTED: Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original...
CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
GHSA-HF7J-XJ3W-87G4 1Panel arbitrary file write vulnerability
Summary: An arbitrary file write vulnerability could lead to direct control of the server. Details: Arbitrary file creation. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request. And the lack of parameter filtering...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
Command Execution Vulnerability in Magic R365 of Xinhuanet Technologies Ltd.
The Magic R365 from Xinhua San Technologies is a full gigabit wireless router. A command execution vulnerability exists in the Xinhua San Technologies Magic R365, which can be exploited by an attacker to gain control of the server...
File upload vulnerability in inforsuiteAS application server of Shandong Zhongchuang Software Commercial Middleware Co. (CNVD-2023-63818)
Shandong Zhongchuang Software Commercial Middleware Co., Ltd. is a company whose business scope includes the sales and maintenance services of computers, software and auxiliary equipment, electronic equipment, computer network equipment, etc. A file upload vulnerability exists in the inforsuiteAS...
Binary Vulnerability in Magic R365 of Xinhua San Technologies Limited (CNVD-2023-63799)
The Magic R365 Router is a wireless router manufactured by Xinhua San Technology Company Limited (H3C). A binary vulnerability exists in the H3C Magic R365 that can be exploited by an attacker to gain control of the server...