CVE-2021-29377
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt...
Egavilan Media Bakeshop Online Ordering System Code Issue Vulnerability
Egavilan Media Bakeshop Online Ordering System is a Javascript-based code repository that supports interaction with git repositories from Egavilan Media. A security vulnerability exists in Online Ordering System 1.0 that allows the upload of arbitrary .php files, which could lead to remote code...
PT-2021-11913 · Zenphoto · Zenphoto
Name of the Vulnerable Software and Affected Versions: Zenphoto versions 1.5.7 and earlier Description: The issue allows for authenticated arbitrary file upload, leading to remote code execution. An attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop file...
Microweber Unrestricted File Upload Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in the Microweber administrator account page. An attacke...
Reload vulnerability in ZZCMS in***.php page
ZZCMS is a free website builder developed in asp language. A reinstallation vulnerability exists in the ZZCMS in.php page. An attacker can exploit the vulnerability to overwrite previous files resulting in a system reinstallation...
CVE-2020-1182
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...
Heybbs 1.2 no***_de***.php file has SQL injection vulnerability
HEYBBS is a micro-community program with a front end based on bootstrap+jq+css and a back end developed in php+mysql. A SQL injection vulnerability exists in the Heybbs 1.2 node.php file, which can be exploited by an attacker to obtain sensitive information from the database...
Arbitrary File Upload Vulnerability in Guojiz
Guojiz is a lightweight community system based on the layui front-end framework and thinkphp. Guojiz has an arbitrary file upload vulnerability, which can be exploited by an attacker to upload a file of any type, such as a php Trojan horse, when editing a forum post or adding a comment via the upload image...
Arbitrary File Upload Vulnerability in NewLogo Online Education Software
NewLogo online education software, built on the ThinkPHP5 and layui frameworks, is one of the few open source online education packages. NewLogo Online Education Software suffers from an arbitrary file upload vulnerability, which can be exploited by an attacker to upload a php file that can...
fileGPS - A Tool That Help You To Guess How Your Shell Was Renamed After The Server-Side Script Of The File Uploader Saved It
Introduction When you upload a shell on a web server using a file upload functionality, the file usually gets renamed in various ways in order to prevent direct access to the file, RCE and file overwrite. fileGPS is a tool that uses various techniques to find the new filename, after the server-sid...
Zomato: [www.zomato.com] Blind XSS in one of the admin dashboard
Summary: Admin dashboard ████ from user has XSS Vul Steps To Reproduce: 1. Login ██████ 1. Go to ███ function and intercept request Post data: "/zomato.php?c=zomatoxss" / POST ████ HTTP/1.1 X-Zomato-App-Version-Code: 5610001 ██████████ ███████ X-Zomato-API-Key: ███████ X-App-Language:...
File upload vulnerability in frontend of sentcms v3.0.170127
SentCMS website management system is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. SentCMS v3.0.170127 has a file upload vulnerability because the system fails to strictly check the editor function when uploading files. A remote attacker can use th...
N-Media file uploader vulnerability in handling uploaded files
Overview N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
php_news 2.0 user_user.php language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20209/info PHPNews is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-si...
PhotoGal 1.0/1.5 News_File Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker...
free QBoard 1.1 contact.php qb_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...
MySource 2.14 Span.php PEAR_PATH Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...
Grayscale BandSite CMS 1.1 reviews_content.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...