
825 matches found

myhack58
added 2019/03/12 12:0 a.m., 259 views

New Nexus Repository Manager 3 vulnerability has been used to spread a mining Trojan, users are advised to fix as soon as possible - vulnerability warning - the black bar safety net

Recently, Ali cloud security monitoring detected the watchbog mining Trojan using the newly exposed Nexus Repository Manager 3 remote code execution vulnerability (CVE-2019-7238) for attacks and mining. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...

9 CVSS, 9 AI score, 0.87544 EPSS
Exploits 14
CNVD
added 2019/02/26 12:0 a.m., 1 view

SchoolCMS Arbitrary PHP Code Execution Vulnerability

SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. A security vulnerability exists in SchoolCMS version 2.3.1. An attacker can exploit this vulnerability to execute arbitrary...

7.2 CVSS, 7.7 AI score, 0.01989 EPSS
Exploits 1, References 1
CNVD
added 2019/02/25 12:0 a.m., 3 views

ThinkPHP Command Execution Vulnerability

Top Thinking Information Technology ThinkPHP is a PHP-based, open source, lightweight Web application development framework from China Top Thinking Information Technology. Versions of ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other devices, have a command executi...

9.3 CVSS, 7.2 AI score, 0.97419 EPSS
Exploits 8, References 1
NVD
added 2019/02/24 6:29 p.m., 33 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

9.3 CVSS, 8.9 AI score, 0.97419 EPSS
Exploits 8, References 4
OSV
added 2019/02/24 6:29 p.m., 38 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

8.8 CVSS, 7.1 AI score, 0.97419 EPSS
Exploits 8, References 4
Prion
added 2019/02/24 6:29 p.m., 35 views

Command injection

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

9.3 CVSS, 8.8 AI score, 0.97419 EPSS
Exploits 8, References 3, Affected Software 3
Cvelist
added 2019/02/24 6:0 p.m., 48 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

8.9 AI score, 0.97419 EPSS
Exploits 8, References 2
Vulnrichment
added 2019/02/24 6:0 p.m., 11 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

7.3 AI score, 0.97419 EPSS
Exploits 8, References 2
CVE
added 2019/02/24 6:0 p.m., 1280 views

CVE-2019-9082

ThinkPHP CVE-2019-9082 affects ThinkPHP before 3.2.4 (used in Open Source BMS v1.1.1). The vulnerability allows Remote Command Execution via a crafted request to public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=..., enabling an attacker to run comm...

9.3 CVSS, 8.7 AI score, 0.97419 EPSS
In wild, Exploits 8, References 4, Affected Software 1
ATTACKERKB
added 2019/02/24 12:0 a.m., 89 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Recent assessments: Mad-robot at July 05, 2020 1:53pm UTC reported:...

9.3 CVSS, 9 AI score, 0.97419 EPSS
In wild, Exploits 8, References 6
CNVD
added 2019/02/22 12:0 a.m., 1 view

Thinkphp 'Request.php' file code execution vulnerability

ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by Shanghai Top Thinking Information Technology Co., Ltd. A code execution vulnerability exists in the Thinkphp 'Request.php' file. An attacker could exploit this...

7.8 AI score
Exploits 0, References 1
VulnCheck KEV
added 2019/02/21 12:0 a.m., 5 views

VulnCheck KEV: CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8 CVSS, 7.4 AI score, 0.01135 EPSS
Exploits 0, References 1
Tenable Nessus
added 2019/02/19 12:0 a.m., 22 views

ThinkPHP 5.0.x < 5.0.24 Remote Code Execution

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x. This potentially allows attackers to exploit multiple attack vectors on a ThinkPHP site, which could result in the site being completely compromised. Note: This has been detected using an active check and...

8 AI score
Exploits 0, References 2
Tenable Nessus
added 2019/02/19 12:0 a.m., 84 views

ThinkPHP 5.0.x < 5.0.23 / 5.1.x < 5.1.31 Remote Code Execution

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x and 5.1.x. This potentially allows attackers to exploit multiple attack vectors on a ThinkPHP site, which could result in the site being completely compromised. Note: This has been detected using an active...

9.8 CVSS, 9.8 AI score, 0.9953 EPSS
Exploits 4, References 4
CNVD
added 2019/02/19 12:0 a.m., 2 views

WTCMS Cross-Site Scripting Vulnerability

WTCMS is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'statistic code' field...

6.1 CVSS, 6 AI score, 0.00826 EPSS
Exploits 1, References 1
CNVD
added 2019/02/19 12:0 a.m., 2 views

WTCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-04684)

WTCMS is a ThinkPHP-based content management system (CMS). A cross-site request forgery vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to alter website information...

8.8 CVSS, 6.9 AI score, 0.00614 EPSS
Exploits 1, References 1
CNVD
added 2019/02/15 12:0 a.m., 0 views

SchoolCMS Cross-Site Scripting Vulnerability

SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS has a cross-site scripting vulnerability. Attackers can use this vulnerability to inject arbitrary Web script or...

6.1 CVSS, 6.3 AI score, 0.00865 EPSS
Exploits 1, References 1
CNVD
added 2019/02/15 12:0 a.m., 0 views

SchoolCMS Cross-Site Scripting Vulnerability (CNVD-2019-35030)

SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS has a cross-site scripting vulnerability; remote attackers can use the vulnerability to inject arbitrary Web script or...

6.1 CVSS, 6.4 AI score, 0.00865 EPSS
Exploits 1, References 1
Tenable Nessus
added 2019/02/06 12:0 a.m., 458 views

ThinkPHP Multiple Parameter RCE

Binary data thinkphprce.nbin...

9.8 CVSS, 7.3 AI score, 0.9953 EPSS
Exploits 9, References 4
ThreatPost
added 2019/02/04 2:0 p.m., 2131 views

SpeakUp Linux Backdoor Sets Up for Major Attack

LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...

7.5 CVSS, 9.3 AI score, 0.99993 EPSS
Exploits 84, References 3