Lucene search
2192 matches found

Prion
added 2020/08/18 9:15 p.m. | 19 views

Design/Logic Flaw

An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...

CVSS 9 | AI score 8.7 | EPSS 0.15962
Exploits: 3 | References: 2 | Affected Software: 1

CVE
added 2020/08/18 9:1 p.m. | 81 views

CVE-2020-23934

Summary of CVE-2020-23934 (RiteCMS 2.2.1): An authenticated user can upload a PHP web shell via the Filemanager and execute system commands on the server, enabling Remote Code Execution. The known exploit demonstrates uploading a shell and accessing it under /media/(filename).php, then issuing c...

CVSS 9 | AI score 8.7 | EPSS 0.15962
Exploits: 3 | References: 2 | Affected Software: 1

Packet Storm
added 2020/08/08 12:0 a.m. | 165 views

flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: =1.5.5 fixed version: 1.5.7 CVE number: - impact: High homepage: https://flatcore.org/ found: 2020-03-2...

AI score 0.4
Exploits: 0

Packet Storm
added 2020/07/23 12:0 a.m. | 337 views

Online Book Store 1.0 Code Execution

!/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Google Dork: N/A Date: 2020-01-07 2020-22-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/...

AI score 0.1
Exploits: 0

0day.today
added 2020/07/23 12:0 a.m. | 711 views

Online Book Store 1.0 Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Exploit Author: Tib3rius Vendor Homepage:...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/07/13 12:0 a.m. | 224 views

Park Ticketing Management System 1.0 SQL Injection

Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...

AI score 0.6
Exploits: 0

0day.today
added 2020/07/13 12:0 a.m. | 211 views

Park Ticketing Management System 1.0 - (viewid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

AI score 0.2
Exploits: 0

0day.today
added 2020/07/13 12:0 a.m. | 209 views

Online Birth Certificate System 1.0 SQL Injection / Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

AI score 0.1
Exploits: 0

Exploit DB
added 2020/07/13 12:0 a.m. | 223 views

Park Ticketing Management System 1.0 - 'viewid' SQL Injection

Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/07/13 12:0 a.m. | 214 views

Online Birth Certificate System 1.0 SQL Injection / Code Execution

Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ Software Link:...

AI score 0.5
Exploits: 0

Packet Storm
added 2020/07/12 12:0 a.m. | 209 views

Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution

Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Date: 2020-07-12 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

AI score 0.1
Exploits: 0

0day.today
added 2020/07/12 12:0 a.m. | 170 views

Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution Vulnerabilitie

Exploit for php platform in category web applications Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

AI score 7.1
Exploits: 0

0day.today
added 2020/07/07 12:0 a.m. | 212 views

RiteCMS 2.2.1 - Authenticated Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://HOST/cms/ 2- Default username and password is...

AI score 0.2
Exploits: 0

Exploit DB
added 2020/07/06 12:0 a.m. | 465 views

RiteCMS 2.2.1 - Authenticated Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux CVE: CVE-2020-23934 1- Go to following url. http://HOST/cms/ 2- Default username and password is admin:admin. We mus...

CVSS 9 | AI score 8.9 | EPSS 0.15962
Exploits: 3

ThreatPost
added 2020/06/26 8:53 p.m. | 205 views

DarkCrewFriends Returns with Botnet Strategy

The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information...

AI score 0.1 | EPSS 0.0552
Exploits: 1 | References: 4

Microsoft Secure
added 2020/06/24 4:0 p.m. | 3645 views

Defending Exchange servers under attack

Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly...

CVSS 9 | AI score 0.3 | EPSS 0.99965
Exploits: 30

CNVD
added 2020/06/12 12:0 a.m. | 3 views

Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32917)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Repository Manager feature in Artica Pandora FMS version 7.44. The...

CVSS 9 | AI score 7.5 | EPSS 0.27629
Exploits: 1 | References: 1

CNVD
added 2020/06/12 12:0 a.m. | 3 views

Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32914)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Manager feature in Artica Pandora FMS version 7.44. An attacker can exploit...

CVSS 9 | AI score 7.6 | EPSS 0.27629
Exploits: 1 | References: 1

CISA
added 2020/04/22 12:0 a.m. | 11 views

NSA, ASD Release Guidance for Mitigating Web Shell Malware

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system...

AI score 7.5
Exploits: 0 | References: 2

ATTACKERKB
added 2020/03/16 12:0 a.m. | 17 views

CVE-2020-10557

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. Recen...

CVSS 8.8 | AI score 1.3 | EPSS 0.01373
Exploits: 1 | References: 3