309 matches found
CVE-2018-1000659
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via: an authenticated user can upload a...
PHP7CMS has a file upload vulnerability
PHP7CMS (PHP7 content management system) is a content management program newly developed by Chunjie studio using PHP7 technology. PHP7CMS has a file upload vulnerability that allows attackers to upload a webshell and gain server privileges...
SQL Injection and File Upload Vulnerabilities in Dimix ERP Office System of Shanghai Demisa Information Technology Co.
Shanghai Demisa Information Technology Co., Ltd. is a company that develops and sells intelligent office management software. A SQL injection and file upload vulnerability exists in the Dimix ERP office system of Shanghai Demisa Information Technology Co. An attacker can exploit the vulnerabiliti...
ASUSTOR ADM Remote Command Execution Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...
CVE-2018-11509
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...
CVE-2018-9157
An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include...
CVE-2018-9156
An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include modul...
Cross site request forgery (csrf)
DISPUTED An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...
PT-2018-18894 · Axis +1 · Axis M1033-W +1
Name of the Vulnerable Software and Affected Versions: AXIS M1033-W IP camera Firmware version 5.40.5.1 Description: An issue was discovered where the upload web page does not verify the file type, allowing an attacker to upload a webshell by making a fileUpload.shtml request for a custom .shtml...
PT-2018-18893 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: AXIS P1354 IP camera Firmware version 5.90.1.1 Description: An issue was discovered where the upload web page does not verify the file type, allowing an attacker to upload a webshell by making a fileUpload.shtml request for a custom .shtml...
YUNUCMS v1.0.7 \app\admin\controller\Upgrade.php has file upload vulnerability
YUNUCMS is an enterprise website management system for building professional marketing-oriented enterprise sites, developed with PHP + MySQL at its core. YUNUCMS v1.0.7 \app\admin\controller\Upgrade.php has a file upload vulnerability that allows an attacker to upload a webshell and gain serve...
File Upload Vulnerability in Monstra CMS Backend "Install New Plugin"
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A file upload vulnerability exists in the "Install New Plugin" section of the Monstra CMS backend. The...
File Upload Vulnerability in QCMS Version 3.0.1
QCMS is a lightweight PHP website management system built on an MVC architecture. A file upload vulnerability exists in QCMS version 3.0.1. An attacker can exploit the vulnerability to forge a bypass of the background login, upload a webshell, and gain server privileges...
Webshell Bypass Vulnerability in Web Security Dog (IIS Edition)
Website Security Dog IIS Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features for comprehensive website security. A webshell bypass vulnerability exists in Web Security Dog IIS Edition. An attacker can uplo...
Weak password and remote command execution vulnerability in Lenovo firewalls
LFW800E is a Gigabit intelligent firewall developed by Lenovo Skyworks Networks for medium-sized enterprise users' network security applications. The Lenovo firewall has weak password and remote command execution vulnerabilities, which can be exploited by an attacker to successfully log in to the...
File Upload Vulnerability in Thunderwind Movie CMS V3.3.0 UsersController.class.php Page
Thunderwind Movie CMS is a PHP film and television content management program built on the THINKPHP3.2.3 framework, suitable for all kinds of video, film and television websites. A file upload vulnerability exists in the UsersController.class.php page of Thunderwind Movie CMS V3.3.0. Allows an...