Chamilo LMS SQL Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS is vulnerable to a SQL injection vulnerability that originates in the main...
CVE-2021-20104
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...
Machform Code Issue Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...
CVE-2020-26837
SAP Solution Manager 7.2 User Experience Monitoring, version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the...
AndroVideo Advan VD-1 Access Control Error Vulnerability
The AndroVideo Advan VD-1 is a security camera from AndroVideo Taiwan, China. An access control error vulnerability exists in AndroVideo Advan VD-1. The vulnerability can be exploited to install arbitrary APKs without authentication by sending a POST request to the cgibin/ApkUpload.cgi file...
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
CVE-2019-11062
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...
DNS Traffic Capture: DNSCAP
dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) and other formats. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. DNS-OARC uses dnscap for DITL data collections. Some o...
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in fileupload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter...
ZYCHCMS V06 Build170526 has a file inclusion vulnerability
ZYCHCMS is an enterprise website management system. A file inclusion vulnerability exists in ZYCHCMS V06. An attacker can exploit this vulnerability to upload script files...
PHP Product Designer Script Arbitrary File Upload
Exploit Title: PHP Product Designer Script - Arbitrary File Upload Google Dork: N/A Date: 30.01.2017 Vendor Homepage: https://codecanyon.net/item/php-product-designer/19334412 Software Buy: https://codecanyon.net/item/php-product-designer/19334412 Demo:...
Advanced Upload (PHP) Script 1.0.2 SQL Injection
Advanced Upload PHP Script Version 1.0.2 MySQL Injection Vulnerabilities. Discovered by NA, NAattutanota.com. Description: An advanced php uploading script with MANY...
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
FreePBX 13/14 - Remote Command Execution / Privilege Escalation #!/usr/bin/env python # -*- coding: latin-1 -*- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14...
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
#!/usr/bin/env python # -*- coding: latin-1 -*- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 STA...
FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation
Exploit for linux platform in category remote exploits #!/usr/bin/env python # -*- coding: latin-1 -*- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14 Syste...
Tequila File Hosting 1.5 Shell Upload
Tequila File Hosting Unrestricted File Upload. Vendor Homepage: http://codecanyon.net/item/tequila-file-hosting-script/7604312 Date:...
WordPress Powerplay Gallery Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. Powerplay Gallery is one of the gallery plug-ins for displaying images. An arbitrary file upload vulnerability exists ...
WordPress wp-powerplaygallery plugin 'upload.php' has multiple SQL injection vulnerabilities
WordPress is a blogging platform developed using the PHP language. In WordPress wp-powerplaygallery plugin version 3.3 and earlier, there are multiple SQL injection vulnerabilities in the implementation of upload.php, which can be exploited by an attacker to access or modify data, etc...
Ckeditor 4.4.7 Shell Upload / Cross Site Scripting
0-DAY Aint DIE | No Priv8 | KedAns-Dz...
HelpDEZk 1.0.1 Unrestricted File Upload Vulnerability
HelpDEZk version 1.0.1 suffers from a remote unrestricted file upload vulnerability. Product: HelpDEZk Vendor: HelpDEZk Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 15, 2014 without technical details Vendor Notification: October 15, 2014 Public...