File Upload Vulnerability in OKCMS Web Content Management System of Zibo Oukai Information Technology Co.

Zibo Oukai Information Technology Co., Ltd. is a localized Internet company specializing in station building + promotion + operation in one. A file upload vulnerability exists in the OKCMS web content management system of Zibo Oukai Information Technology Co. An attacker can exploit the...

File Upload Vulnerability in Multiple Versions of Intimate Home Care Intimate Cat (imcat)

Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. File upload vulnerability exists in several versions of Sticky Home Sticky Cat imcat. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://projectworlds.in/ Software Link:...

Carina - Webshell, Virtual Private Server (VPS) And cPanel Database

Carina is a web application used to store webshell, Virtual Private Server VPS and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". Screenshots Install Carina 1. $ git clone https://github.com/c0delatte/carina && cd carina 2. Run compose...

Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. By nikhilmitt Usage Import all the scripts in the current PowerShell session...

Gym Management System 1.0 Remote Code Execution

Exploit Title: Gym Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: May 21th, 2020 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Teste...

ACal 2.2.6 Remote Code Execution

Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...

ACal 2.2.6 Remote Code Execution Exploit

Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...

Remote Command Execution Vulnerability in Hard Disk Recorder of Zhejiang YUV Technology Co.

Founded in 2011, Zhejiang Yusi Technology Co., Ltd Yusi is a global solution provider for public safety and intelligent transportation. Zhejiang YUVE Technology Co., Ltd. hard disk recorders exist remote command execution vulnerability, an attacker can use the vulnerability to execute system...

YouDianCMS suffers from a file upload vulnerability (CNVD-2020-31729)

YouDianCMS set computer website, mobile website, micro letter, APP, small program in one, share space, data automatic synchronization, is the domestic open source five station one excellent solution. YouDianCMS has a file upload vulnerability. Attackers can use the vulnerability to upload webshel...

Arbitrary File Upload Vulnerability in Joomla! ordasoft-cck Component

Developed with PHP language and MySQL database, Joomla! is a content management system. An arbitrary file upload vulnerability exists in the Joomla! ordasoft-cck component. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File upload vulnerability in imcat backend

Intimate cat imcat is a PHP + MySQL architecture and design of a general-purpose website system, simple, lightweight, practical, sharing, permanent open source free of charge. There is a file upload vulnerability in the imcat backend. Attackers can use this vulnerability to upload webshell, get...

File upload vulnerability in PopojiCMS ad***_co***.php file

PopojiCMS is a content management system. A file upload vulnerability exists in the PopojiCMS adco.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File upload vulnerability in PopojiCMS ad***_th***.php file

PopojiCMS is a content management system. A file upload vulnerability exists in the PopojiCMS adth.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

PHP-Fusion 'Edit Profile' Arbitrary File Upload Vulnerability

PHP-Fusion is a lightweight open source content management system . It uses mySQL database to store site content and provide a simple , comprehensive back-end management system . PHP-Fusion includes most of the CMS system has the functionality . PHP-Fusion 'Edit Profile' has an arbitrary file...

File upload vulnerability in Extreme CMS backend (CNVD-2020-31518)

Extreme CMS is an open source PHPCMS web content management system. A file upload vulnerability exists in the backend of Extreme CMS. Attackers can use the vulnerability to upload webshell and get server privileges...

Serious Exchange Flaw Still Plagues 350K Servers

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question CVE-2020-0688 exists in the control panel of...

File Upload Vulnerability in kitecms 5.1.38

KiteCMS open source web content management system CMS, the system is based on the framework ThinkPHP5.1. version of the development , suitable for individuals, enterprises to quickly build stations and development needs. kitecms 5.1.38 file upload vulnerability , attackers can use the vulnerabili...

WordPress Plugin Event-Registration Arbitrary File Upload Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. An arbitrary file upload vulnerability exists in the WordPress plugin Event-Registration,...

Scanners-Box

This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...