Hangzhou Allview Software Co., Ltd. college security integrated platform upLoadAttachment.php page has file upload vulnerability

Hangzhou Allview Software Co., Ltd. is a multinational company specializing in fire safety management. A file upload vulnerability exists in the upLoadAttachment.php page of the university security integrated platform of Hangzhou Allview Software Co. It allows attackers to exploit the vulnerabili...

Remote command execution vulnerability in NetMizer log management system qq.php file

The NetMizer log management system is a stand-alone log management and analysis tool. A remote command execution vulnerability exists in the NetMizer Log Management System qq.php file, allowing an attacker to upload a webshell and gain server privileges...

File Inclusion Vulnerability in Ocean CMS V6.57 cache.inc.php file

Ocean CMS seacms is a video-on-demand system designed for webmasters with different needs. A file inclusion vulnerability exists in the ocean CMS V6.57 cache.inc.php file. The vulnerability is due to the background modification of the configuration file at the user input is not filtered, the...

Codiad File Upload Vulnerability

Codiad is a set of Web-based IDE framework , it contains a project / file manager and code editor , mainly used for online writing and editing code . A file upload vulnerability exists in Codiad. An attacker can exploit this vulnerability to upload a webshell during installation...

CVE-2017-1000125

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...

CVE-2017-1000125

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...

Code execution vulnerability in SDCMS v1.2 themecontroller.php

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v1.2 version themecontroller.php code execution vulnerability, the attacker by writing Webshell to obtain server privileges...

Reinstallation Bypass Vulnerability in ZZCMS Version 8.1

ZZCMS is an enterprise website builder. A reinstallation bypass vulnerability exists in ZZCMS version 8.1. The vulnerability is caused by determining whether the lock file is installed at step1, which can be directly submitted by POST to the later steps of the reinstallation, allowing an attacker...

Arbitrary File Upload Vulnerability in OTCMS v2.56

Net Titanium Article Management System OTCMS is a simple and good asp article management system. OTCMS v2.56 has an arbitrary file upload vulnerability. The vulnerability is due to the background upload file did not strictly check the file content and file suffix caused by the attacker is allowed...

File Upload Vulnerability in Infinite Streaming Media System (AMS) of Beijing Zhongshi Media Technology Co.

Infinite Streaming Media System AMS is a complete set of IP network-based audio/video application platform, integrating CTVTV's live video broadcasting system, video-on-demand VOD system, video broadcasting system and video production sub-systems, aiming to provide users with a complete set of...

SQL Injection and Arbitrary Traversal Download Vulnerabilities in Zhejiang Dahua Intelligent Operation and Maintenance Management System

Zhejiang Dahua Intelligent Operation and Maintenance Platform, based on the field of video surveillance in the security industry, adopts the technologies of intelligent analysis, fault detection and workflow engine, integrates the functions of video quality diagnosis, video recording checking and...

Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function

JEECMS is a JEECMSv8.1 version is a collection of PC Internet, mobile Internet and WeChat website in one of the website group management system. JeeCMS v8.1 template management function exists file write, arbitrary file naming, arbitrary file creation vulnerability. An attacker can exploit the...

ourphp ourphp_filebox.php write any file vulnerability in frontend

OURPHP is a PHP+MySQL based development of W3C standard building system. ourphp v1.7.3 ourphpfilebox.php exists a write arbitrary file vulnerability in the frontend, due to the program fails to effectively examine the data submitted by visitors. Attackers use the vulnerability by writing Trojan...

File upload vulnerability in the latest version of metinfo

metinfo cms is an enterprise website management system with PHP Mysql architecture. A file upload vulnerability exists in metinfo cms due to the system not effectively filtering the depth variable. An attacker can use this vulnerability to bypass the include file and upload a webshell to gain...

St2-045 Remote Command Execution Vulnerability in Dieppe UMC Unified Management Center

As a unified management platform of DIPPER Technology, UMC carries out componentized management for the whole series of DIPPER products. Each type of product can be added to the platform in the form of components, and each component can be deeply and intelligently related to each other, so as to...

Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

Arbitrary File Upload Vulnerability in 'ExamFileUp.ashx' File of MicroXia Online Learning Platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the 'ExamFileUp.ashx' file of MicroXia Online Learning Platform. It allows attackers to upload webshell and gain server privileges...

Arbitrary file upload vulnerability in the action/fileUpload.asp file of the Access Specialist management system

Despatch Access Specialist Management System is a CATI software that integrates telephone access, call center, and web survey into one; a CATI software that provides hosted services with "Cloud Computing" and "SaaS Model". An arbitrary file upload vulnerability exists in the action/fileUpload.asp...

Novell iManager and NetIQ iManager File Upload Vulnerability

Novell iManager is a WEB-based application from Novell, Inc. that allows you to use wireless devices to manage and configure Novell eDirectory objects.NetIQ iManager is a WEB-based application from NetIQ, Inc. that allows you to use wireless devices to manage and configure eDirectory objects. A...