EUVD-2018-6793

Malware in sbrugna...

Logic Flaw Vulnerability in Mingus Web Application Firewall

MingGuard Web Application Firewall is a professional application security protection product that focuses on providing security protection for websites, APPs and other Web business systems, providing multi-dimensional and deep-level security detection and protection for website and APP business...

Textpattern Cms 代码问题漏洞

Textpattern is a free open source content management system based on PHP and MySQL. An arbitrary file upload vulnerability exists in Textpattern version 4.8.4. The vulnerability originates from the plugin upload location in the background without any security verification. An attacker can use thi...

Nanosystems Supremo Access Control Error Vulnerability

Nanosystems Supremo is a remote desktop management software from the Italian company Nanosystems. An access control error vulnerability exists in Nanosystems SupRemo version 4.1.3.2348, which originates from the ability to rename SupRemo .exe using a file manager, and then upload a Trojan horse...

File Upload Vulnerability in Guojiz Integrated Content Management System V1.2

Guojiz integrated content management system is a domestic open source light navigation system program, based on ThinkPHP5 development, support for plug-in extensions, support for template extensions. Guojiz integrated content management system V1.2 file upload vulnerability , attackers can use th...

YXBOOKCMS institutional library control system v1.0.1 universal version of the existence of code execution vulnerabilities

YXBOOKCMS institutional library management system is an ultra-lightweight institutional library control system for small and medium-sized schools, high schools, middle schools and other types of institutions library control. There is a code execution vulnerability in the popular version of...

Command Execution Vulnerability in ThinkLC Backend

ThinkLC is a classified information system developed by SaxueCMS. A command execution vulnerability exists in the backend of ThinkLC, which can be exploited by an attacker to upload a Trojan horse file at the upload template in the backend and gain control of the web server...

File upload vulnerability in UKcms v1.1.7 and previous versions

UKcms is a simple, flexible and open source web content management system based on PHP7 and mysql technology. UKcms v1.1.7 and previous versions exist file upload vulnerability. The vulnerability is due to the system does not strictly filter the file upload type. Attackers can use the vulnerabili...

Code Execution Vulnerability in School Worry-Free School Website System

School Worry-Free School Website System is a universal school website management system for primary and secondary schools. A code execution vulnerability exists in the SchoolWorryFree School Website System. An attacker can exploit the vulnerability to log in to the backend, upload Trojan horse, a...

Code Execution Vulnerability in Coupon Pusher CMS v1.8

Push Couponer CMS is a PHP Taobao coupon website developed in PHP+MySQL. A code execution vulnerability exists in PushCoupon CMS v1.8, which is caused by the system failing to adequately filter the values of uninvited parameters and cached files. An attacker can exploit this vulnerability to uplo...

Code Execution Vulnerability in CwCms v1.8

CwCMS is a customized ASP+Access/MsSql content management system specifically designed for corporate websites. A code execution vulnerability exists in CwCms v1.8, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to upload a...

LvyeCms v3.1 has an arbitrary file creation vulnerability

LvyeCms 旅烨cms is a php content management system based on ThinkPHP. LvyeCms v3.1 version exists arbitrary file creation vulnerability, the vulnerability is due to the system fails to fully filter the incoming file content and path parameters. An attacker can use this vulnerability to upload Troja...

Code Execution Vulnerability in WANCMS v1.0

WANCMS is a content management system that uses php+mysql program source code. A code execution vulnerability exists in WANCMS v1.0 due to the system failing to effectively filter some input parameter values. An attacker can exploit this vulnerability to upload a Trojan horse file and obtain a...

Code Execution Vulnerability in LvyeCms Version v3.1

LvyeCms 旅烨cms is a php content management system based on ThinkPHP. A code execution vulnerability exists in LvyeCms v3.1, which is caused by the system failing to adequately filter input parameters and values in cached files. An attacker can exploit this vulnerability to upload a Trojan horse fi...

ZhiCms v1.8 Code Execution Vulnerability

ZhiCms is an enterprise building system based on PHP and mysql technology. A code execution vulnerability exists in ZhiCms v1.8, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to upload a Trojan script file to obtain a webshel...

Code Execution Vulnerability in SentCMS v3.0.1707

SentCMS website management system is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. A code execution vulnerability exists in SentCMS v3.0.1707, which is caused by the system failing to effectively filter data written to cache files. An attacker can u...

Code Execution Vulnerability in Rice CMS v5.9.9

DAMI CMS is a free open-source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smartphone station building solutions. A code execution vulnerability exists in Daimi CMS v5.9.9, which is caused by the...

Code execution vulnerability in DedeCMS V5.7 SP2 (CNVD-2018-01221)

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 version of the tpl.php there is a code execution vulnerability, an attacker can use the vulnerability in the addition of new tags to upload a Trojan horse, get webshell...

PHPCMS V9.6.3 CSRF Vulnerability and Arbitrary File Write Vulnerability in the Backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPcms V9.6.3 version of the backend exists CSRF vulnerability and arbitrary file write vulnerability. Attackers can use this vulnerability to remotely write Trojan horse files to obtain web server administrative...

Struts2 devMode Remote Command Execution Vulnerability in Chengdu Konsai Information Technology Co.

TeachCloud Resource Platform is an education informatization product for China's compulsory education education management institutions and schools, aiming at realizing regional or intra-school resource sharing and promoting the application of resources for "teaching" and "learning". The product...