309 matches found
CVE-2017-7432
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability...
CVE-2017-7432
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability...
CVE-2017-7432
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability...
Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform
Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file uploading vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to exploit the vulnerability to upload webshell and gain server...
CVE-2017-7625
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/apptheme/libs/savefile.php" and then execute code...
CVE-2017-7625
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/apptheme/libs/savefile.php" and then execute code...
Arbitrary Command Execution Vulnerability in Knight CMS
Knight CMS Talent System is a professional talent system based on PHP+MYSQL. Knight CMS version 4.1.0 suffers from an arbitrary command execution vulnerability. Due to the Knight CMS V4.1.0 using the tp framework there is a template engine remote code execution vulnerability. Attackers can exploi...
Fckeditor Arbitrary File Upload Vulnerability and Directory Traversal Vulnerability in Office System of Ningbo Jieda Software Co.
Jeedaa ERP software is designed for domestic small and medium-sized manufacturing enterprises that produce or process on their own, and at the same time incidentally carry out sales. Jeedaa Office Management System Jeedaa OA is a collaborative office management platform. Jeeda eHR is used to...
Arbitrary File Write Vulnerability in FineCMS Backend
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. An arbitrary file write vulnerability exists in the config/site.ini.php page of the FineCMS backend. Allows attackers to upload webshell and gain server privileges...
Arbitrary File Upload Vulnerability in NetSense SECWORLD VPN
NetSense SECWORLD VPN is a secure access gateway system. NetShen SECWORLD VPN has an arbitrary file upload vulnerability. The /admin/account/useraddaction.php page has no restrictions on file uploads, allowing an attacker to directly upload a webshell and gain server privileges...
File upload vulnerability in the file /userweb/php/index/daPing.class.php of the Tibus Communications call center system
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A file upload vulnerability exists in the file /userweb/php/index/daPing.class.php in the Tibco Call Center System. The vulnerability allows an attacker to upload a webshell a...
Enterprise Intelligence Series Internet Behavior Management Appliances Exposed to Arbitrary File Upload Vulnerability
The Enterprise Intelligence series of Internet behavior management devices are dedicated to preventing the malicious spread of illegal information. An arbitrary file upload vulnerability exists in the EIZO series of Internet behavior management devices. An attacker can use the vulnerability to...
Airia - Arbitrary File Upload
Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debian wheezy require "net/http"...
Airia Shell Upload
Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debian wheezy require "net/http"...
Multiple Vulnerabilities in Beijing Wisdom Technology v2 Video Conferencing System
Beijing Wisdom Technology v2 Video Conferencing System is a video conferencing system. There are several vulnerabilities in the v2 Video Conferencing System. It allows attackers to upload webshell and gain server privileges...
LebiShop Mall Backend Arbitrary File Write Vulnerability
LebiShop mall system is an online mall system using ASP.NET language. The system is widely used in small and medium-sized e-commerce enterprises. The mall system's management background provides a system template file editing function, the function of the page file parameters have not been strict...
Arbitrary File Download and Backdoor Vulnerability in Call Center System of Shenzhen Jishu Communication Co.
Ltd. The kernel of the call center system is the communication-based enterprise internal and external communication and liaison system, and the core part is the switching system PBX Private Branch Exchange. There are arbitrary file downloads and backdoor vulnerabilities in the call center system ...
Multiple vulnerabilities in the Nepalese national government's common website building system
Nepal National Government Universal System NGUS is a website builder system. There are multiple vulnerabilities in the NGN Universal System that can be exploited by an attacker to obtain sensitive information from the database, upload a webshell, and gain access to the server...
Digital Paradise Mobile Office Middleware Interface Arbitrary File Write Vulnerability
Digital Paradise's MKey3G mobile office middleware is an enterprise-oriented application BYOD middleware platform, which has been widely used in energy, finance, government and enterprises. There is an arbitrary file writing vulnerability in the interface of Digital Paradise's mobile office...
E-commerce platform of Beijing 3D World Technology Co., Ltd. suffers from java deserialization vulnerability
Ltd. is a professional software and application service provider of domestic inspection and testing management platform, master data management platform, e-commerce platform and so on. A java deserialization vulnerability exists in the e-commerce platform of Beijing 3D World Technology Co., Ltd...