305 matches found
Gas Agency Management 2022 SQL Injection / XSS / Shell Upload
Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Date: 08.12.2022 Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Software...
CVE-2022-26986
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...
PT-2022-18162 · Unknown · Impresscms
Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...
CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...
Croogo 代码问题漏洞
Croogo is a content management system CMS based on the CakePHP framework development . The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. A security vulnerability exists in Croogo 3.0.2, which can be exploited to allow...
Exam Reviewer Management System 1.0 Shell Upload
Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Date: 2022-02-08 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
WordPress Popular Posts 5.3.2 Shell Upload
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...
Design/Logic Flaw
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...
Exploit for Path Traversal in Vmware Cloud_Foundation
PoC exploit for CVE-2021-21972, a remote code execution vulnerability in VMware vCenter 6.5-7.0. The exploit uploads the web shell "shell.jsp" to the target server, which is then executed to gain remote code execution. The exploit is invoked by running the Python script "vcenterrce.py" with the U...
File Upload Vulnerability in Kaixin Procurement System
Qixing Purchasing System is a system for material purchasing and management, which is developed using ASP.NET language. A file upload vulnerability exists in the Qixing Procurement System. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32917)
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Repository Manager feature in Artica Pandora FMS version 7.44. The...
qdPM < 9.1 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an...
qdPM Remote Code Execution
!/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...
CVE-2019-11680
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...
Multiple File Upload Vulnerabilities in CLTPHP Content Management System
CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...
Apache ActiveMQ 5.x Web Shell Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...
Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation Vulnerabilities
Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
Teradici Management Console 2.2.0 - Privilege Escalation
Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
JMX2 Email Tester - 'save_email.php' Arbitrary File Upload
Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip Tested on: debian wheezy CVE : none...