51 matches found
CVE-2022-37184
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user can upload a dangerous RCE or LCE exploit file...
CVE-2022-37184
The CVE describes a vulnerability in Garage Management System 1.0 where the file upload handler manage_website.php allows an authenticated attacker to upload a shell file resulting in Remote Code Execution (RCE) or Local Code Execution (LCE). Multiple connected sources (Red Hat advisory, PT Secur...
PT-2022-23861 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0. Description: The application manage_website.php is vulnerable to Shell File Upload. An already authenticated malicious user can upload a dangerous Remote Code Execution (RCE) or Local Code Execution (LCE)...
Gas Agency Management 2022 SQL Injection / XSS / Shell Upload Vulnerabilities
Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities. Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0:...
CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
CVE-2022-24609
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file...
Improper access control
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file...
CVE-2022-24609
CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...
Raysync Remote Code Execution Vulnerability (CNVD-2020-73753)
Raysync is a cloud platform for storing and transferring large files. A remote code execution vulnerability exists in Raysync versions prior to 3.3.3.8. The vulnerability can be exploited to remotely execute code on a hosted server by sending a specially crafted request to overwrite a specific fi...
CVE-2020-35370
An RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated, unauthorized attacker who sends a specifically crafted request to override the specific file in server with malicious content can log in as "admin", then modify a specific shell file to achieve remote code execution (RCE) on the...
Raysync Code Injection Vulnerability
Raysync is a cloud platform for storing and transferring large files. A remote code execution vulnerability exists in Raysync versions prior to 3.3.3.8. The vulnerability can be exploited to remotely execute code on a hosted server by sending a specially crafted request to overwrite a specific fi...
CTF-Web-Challenges
This is a PHP challenge where the goal is to get a shell on the server. The challenge is hosted on a Docker container, and the PHP code is written in a way that makes it difficult to execute arbitrary code. The challenge involves using the session.upload_progress feature in PHP, which allows us to...
Malware exploit: Rockloaded
Type: SQLi and shell file upload Author: Danail Velev Contact: ICQ: 209030 / [email protected] Website: http://colocation.bg/ Software: https://github.com/colocation/RockLoader-source Original Release: https://cxsecurity.com/ascii/WLB-2016070003...
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...
Wolf CMS 0.8.2 - Arbitrary File Upload
Wolf CMS 0.8.2 - Arbitrary File Upload. CWH Underground Hacking Team. Exploit Title : Wolf CMS...
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.1 Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098 Softwa...
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.1 Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098 Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/...
eggBlog 4.1.2 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: eggBlog Arbitrary File Upload Vulnerability Google Dork:powered by eggBlog.net Date: 28/04/2013 Exploit Author: Pokk3rs Vendor Homepage: http://eggblog.net/ Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/ Tested on...