2032 matches found
LikeSoftware CMS Cross Site Request Forgery / Shell Upload
Exploit Title: LikeSoftware CMS - Arbitrary File Upload Google Dork: inurl:/painel/kcfinder/upload/ For easy you can using Google Search Image Date: 2018-05-24 Exploit Author: Mr.7z Vendor Homepage: http://www.likesoftware.com.br/ Software Link: - Tested on: Windows 10 64bit Home Edition Exploit:...
Digital Guardian Management Console 7.1.2.0015 Shell Upload
Title: Digital Guardian Management Console - Arbitrary File Upload Leading To Remote Code Execution RCE Vulnerability Author: Pawel Gocyla Date: 18 April 2018 CVE: CVE-2018-10173 Affected software: Digital Guardian Management Console Version 7.1.2.0015 Description:...
Vehicle Sales Management System XSS / Shell Upload / SQL Injection
Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...
Mail.ru: Shell upload in http://widget.support.my.com/
PHP shell upload was possible on widget.support.my.com support frontend site. This report was accepted within lootdog.io preliminary bug bounty program, because lootdog.io is supported via support.my.com...
Toplist 2 SQL Injection / Backdoor Account / Shell Upload
Title : toplist v 2 Backdoor account Vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : v 2 | Vendor : http://wmscripti.com | Dork :...
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
Phosphorus Cybersecurity, Inc. D-Link DNS-325 ShareCenter Multiple Vulnerabilities Released Date: 2017-XX-XX Last Modified: 2017-06-22 Company Info: D-Link Version Info:...
Mail.ru: Ability to upload a shell to https://widget.operator.mail.ru
It was possible to upload a shell code to widget.operator.mail.ru via file upload feature. widget.operator.mail.ru is a part of games.mail.ru and is not currently covered by bug bounty program. Shell upload...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
weblogicwlswsatrce Weblogic wls-wsat component deserialization vulnerability CVE-2017-10...
Joomla Advertisement Board Classifieds 3.2.0 Shell Upload
Title: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: http://ordasoft.com/advertisement-board-joomla-classifieds-extension Product: 'Advertisement board Joomla classifieds extension 3.2.0'...
Joomla Advertisement Board Classifieds 3.2.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Title: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: http://ordasoft.com/advertisement-board-joomla-classifieds-extension Product:...
Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload
Exploit Title: Chatting System PHP Ajax MySQL JavaScript - Remote Shell Upload Google Dork: N/A Date: 2017/31/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/IngeniousDeveloper Software Buy:...
Multiple File Upload Vulnerabilities in CLTPHP Content Management System
CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...
Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability
The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital. The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...
CSC Cart 4.6.2 Shell Upload Vulnerability
Exploit for php platform in category web applications Summary CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server. This has be...
WordPress WP Mobile Detector 3.5 Shell Upload Exploit
WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script contains a remote file include for files not cached by the system already. By uploading a...
osTicket 1.10.1 Shell Upload
Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html Exploit Title: File Upload Restrictions Bypassed Date: 18 October, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://osticket.com/ Software Link:...
osTicket 1.10.1 Shell Upload Vulnerability
Exploit for php platform in category web applications Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html Exploit Title: File Upload Restrictions Bypassed Date: 18 October, 2017 Exploit Author: Rajwinder Singh Vendor Homepage:...
WordPress WP Mobile Detector 3.5 Shell Upload
WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script contains a remote file include for files not cached by the system already. By uploading a...
dotCMS 4.1.1 Remote Shell Upload Vulnerability
dotCMS is prone to a remote shell upload vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; if...
Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
SEC Consult Vulnerability Lab Security Advisory title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017.09.18 impact: critical homepage: https://www.filerun.com |...