PT-2022-19965 · Gxcms · Gxcms
Name of the Vulnerable Software and Affected Versions: GXCMS version 1.5. Description: The issue is related to a file upload vulnerability in the background, specifically on the template management page. This allows an attacker to edit any template content, rename it to a PHP suffix file, and then...
CVE-2022-30007
GXCMS V1.5 has a file upload vulnerability in the background, on the template management page. An attacker can edit any template content and rename the file to a PHP suffix; calling that PHP file then gives control of the server...
RubyGems has Origin Validation Error vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
CVE-2022-28606
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...
CVE-2022-28120
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...
Privilege escalation
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...
Unrestricted file upload
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...
CVE-2022-20737
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portion...
Hikvision iVMS-A100 has a command execution vulnerability
Hikvision iVMS-A100 is an integrated alarm video management platform that implements multiple functions such as alarm management, video review, preview playback, storage and download, alarm linkage, remote control, information forwarding, business management, and value-added services. iVMS-A100 i...
Exploit for Code Injection in Vmware Identity_Manager
CVE-2022-22954 Vulnerability Description Workspace ONE Acce...
Command Execution Vulnerability in TOTOLINK A3100R
The TOTOLINK A3100R is a wireless router. A command execution vulnerability exists in the TOTOLINK A3100R, which can be exploited by an attacker to gain control of the server...
File Upload Vulnerability in the Monthly Care ERP Management Platform of Wuhan Jin Tongfang Technology Co.
Wuhan Jin Tongfang Technology Co., Ltd. is a company that provides informatization solutions for the mother and child service industry. A file upload vulnerability exists in the monthly care ERP management platform of Wuhan Jin Tongfang Technology Co., Ltd., which can be exploited by attackers t...
File upload vulnerability exists in InforSuite AS of Shandong Zhongchuang Software Commercial Middleware Co.
InforSuite AS is an enterprise-class middleware certified as fully compatible with Jakarta EE 9, 8 and Java EE 8, 7, 6. InforSuite AS has a file upload vulnerability, which can be exploited by attackers to gain control of the server...
Command execution vulnerability exists in DMETL5 development version of Wuhan Damon Database Co.
Damon Data Exchange Platform (DMETL for short) is a data processing and integration platform with independent copyright developed by Wuhan Damon Database Co. Ltd. The DMETL5 development version has a command execution vulnerability, which can be exploited by attackers to gain control of the server...
Hestiacp Cross-Site Scripting Vulnerability
Hestiacp is an open source Linux web server control panel designed to provide administrators with an easy-to-use web and command line interface. Hestiacp suffers from a cross-site scripting vulnerability that originates from an unprocessed user-controlled GET domain parameter in index.php, which...
BossCMS suffers from an arbitrary file upload vulnerability (CNVD-2022-25692)
BossCMS is a safe, stable, good, permanently free, open-source enterprise building system based on an independently developed PHP framework. The BossCMS arbitrary file upload vulnerability can be exploited by attackers to gain control of the server...
File Upload Vulnerability in BossCMS
BossCMS is a content management system based on a self-developed PHP framework and MySQL architecture, developed by Wenzhou Huyin Information Technology Co. A file upload vulnerability exists in BossCMS, which can be exploited by attackers to gain control of the server...