Lucene search

1369 matches found

Positive Technologies
added 2022/05/17 12:0 a.m. · 3 views

PT-2022-19965 · Gxcms · Gxcms

Name of the Vulnerable Software and Affected Versions: GXCMS version 1.5 Description: The issue is related to a file upload vulnerability in the background, specifically on the template management page. This allows an attacker to edit any template content, rename it to a PHP suffix file, and then...

7.2 CVSS · 7.3 AI score · 0.00913 EPSS
Exploits 1 · References 5
Vulnrichment
added 2022/05/17 12:0 a.m. · 9 views

CVE-2022-30007

GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server...

7.2 AI score · 0.00913 EPSS
Exploits 1 · References 2
Github Security Blog
added 2022/05/13 1:38 a.m. · 32 views

RubyGems has Origin Validation Error vulnerability

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1 CVSS · 4.3 AI score · 0.0475 EPSS
Exploits 1 · References 16 · Affected Software 1
NVD
added 2022/05/05 5:15 p.m. · 15 views

CVE-2022-28606

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...

9.8 CVSS · 0.01403 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/05/05 5:15 p.m. · 1 views

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

9.8 CVSS · 5.9 AI score · 0.00982 EPSS
Exploits 0 · References 2
NVD
added 2022/05/05 5:15 p.m. · 13 views

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

9.8 CVSS · 0.00982 EPSS
Exploits 0 · References 1
Prion
added 2022/05/05 5:15 p.m. · 18 views

Privilege escalation

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...

7.5 CVSS · 9.5 AI score · 0.01403 EPSS
Exploits 0 · References 3 · Affected Software 1
Prion
added 2022/05/05 5:15 p.m. · 13 views

Unrestricted file upload

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

7.5 CVSS · 9.5 AI score · 0.00982 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/05/05 4:2 p.m. · 15 views

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

9.9 AI score · 0.00982 EPSS
Exploits 0 · References 1
Cvelist
added 2022/05/05 4:0 p.m. · 22 views

CVE-2022-28606

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...

9.8 AI score · 0.01403 EPSS
Exploits 0 · References 3
OSV
added 2022/05/03 4:15 a.m. · 3 views

CVE-2022-20737

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portion...

7.1 CVSS · 5.8 AI score · 0.01101 EPSS
Exploits 0 · References 1
CNVD
added 2022/04/18 12:0 a.m. · 54 views

Hikvision iVMS-A100 has a command execution vulnerability

Hikvision iVMS-A100 is an integrated alarm video management platform that implements multiple functions such as alarm management, video review, preview playback, storage and download, alarm linkage, remote control, information forwarding, business management, and value-added services. iVMS-A100 i...

4 AI score
Exploits 0
GithubExploit
added 2022/04/12 4:14 a.m. · 474 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 Vulnerability Description Workspace ONE Acce...

10 CVSS · 7.7 AI score · 0.99997 EPSS
Exploits 24
CNVD
added 2022/04/06 12:0 a.m. · 6 views

Command Execution Vulnerability in TOTOLINK A3100R

The TOTOLINK A3100R is a wireless router. A command execution vulnerability exists in the TOTOLINK A3100R, which can be exploited by an attacker to gain control of the server...

7.5 AI score
Exploits 0
CNVD
added 2022/03/18 12:0 a.m. · 15 views

File Upload Vulnerability in the Monthly Care ERP Management Platform of Wuhan Jin Tongfang Technology Co.

Wuhan Jin Tongfang Technology Co., Ltd. is a company that provides informatization solutions for the mother and child service industry. A file upload vulnerability exists in the monthly care ERP management platform of Wuhan Golden Tongfang Technology Co. Ltd, which can be exploited by attackers t...

7.4 AI score
Exploits 0
CNVD
added 2022/03/18 12:0 a.m. · 20 views

File upload vulnerability exists in InforSuite AS of Shandong Zhongchuang Software Commercial Middleware Co.

InforSuite AS is an enterprise-class middleware certified as fully compatible with Jakarta EE 9, 8 and Java EE8, 7, 6. Ltd. InforSuite AS has a file upload vulnerability, which can be exploited by attackers to gain control of the server...

4.3 AI score
Exploits 0
CNVD
added 2022/03/15 12:0 a.m. · 11 views

Command execution vulnerability exists in DMETL5 development version of Wuhan Damon Database Co.

Damon Data Exchange Platform (DMETL for short) is a data processing and integration platform with independent copyright developed by Wuhan Damon Database Co. Ltd. DMETL5 development version has a command execution vulnerability, which can be exploited by attackers to gain control of the server...

4 AI score
Exploits 0
CNVD
added 2022/03/04 12:0 a.m. · 21 views

Hestiacp Cross-Site Scripting Vulnerability

Hestiacp is an open source Linux web server control panel designed to provide administrators with an easy-to-use web and command line interface. Hestiacp suffers from a cross-site scripting vulnerability that originates from an unprocessed user-controlled GET domain parameter in index.php, which...

6.1 CVSS · 6.2 AI score · 0.00821 EPSS
Exploits 1 · References 1
CNVD
added 2022/03/04 12:0 a.m. · 10 views

BossCMS suffers from an arbitrary file upload vulnerability (CNVD-2022-25692)

BossCMS is a safe, stable, good, permanent free open source, independent research and development of PHP framework for enterprise building system. BossCMS arbitrary file upload vulnerability can be exploited by attackers to gain control of the server...

7.7 AI score
Exploits 0
CNVD
added 2022/03/01 12:0 a.m. · 17 views

File Upload Vulnerability in BossCMS

BossCMS is a content management system based on self-developed PHP framework MySQL architecture developed by Wenzhou Huyin Information Technology Co. A file upload vulnerability exists in BossCMS, which can be exploited by attackers to gain control of the server...

7.4 AI score
Exploits 0