2122 matches found
File upload vulnerability in the file li***_ed***.php of the backend management system of Acme CMS
Acme CMS is a CMS builder using PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction. There is a file upload vulnerability in the file lied.php in the background management system of Acme CMS. Attackers can use the vulnerability to upload webshe...
File Upload Vulnerability in Tuan Ah VIP Movie System
Group ah VIP movie system is a set of registered members with proxy version of the VIP movie video watching website source code. There is a file upload vulnerability in Tuan Ah VIP Movie System. Allows attackers to upload webshell and gain server privileges...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-...
Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains a...
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP...
File Upload Vulnerability in ArtCMS Frontend User Modified Avatar Location
ArtCMS is a website management system. A file upload vulnerability exists in ArtCMS at the location where the front-end user modifies his avatar. It allows attackers to upload a webshell and gain server privileges...
File upload vulnerability in tx***_fi***.php file in TextpatternCMS backend
TextpatternCMS is a content management system written in PHP. A file upload vulnerability exists in the txfi.php file in the backend of TextpatternCMS. It allows an attacker to upload a webshell and gain server privileges...
File upload vulnerability in DedeCMS al***_ed***.php file
Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the DedeCMS aled.php file. Allows an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in QCMS 3.0.1 Backend
QCMS website management system is a PHP lightweight system developed through MVC architecture. A file upload vulnerability exists in QCMS version 3.0.1. An attacker can exploit the vulnerability to forge bypass the background login, upload webshell, and gain server privileges...
File Upload Vulnerability in the DB***.aspx Page of the Backend of Ice Order Treasure
Ice point ordering treasure is unit enterprise internal canteen ordering management software, through the cell phone APP WeChat ordering, for canteen ordering consumption management. There is a file upload vulnerability in the DB.aspx page in the background of Freezing Point Food Ordering Treasur...
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload !/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org...
File Upload Vulnerability in MyfCMS v2.0
MyfCMS is a PHP+Mysql content management system. A file upload vulnerability exists in MyfCMS v2.0, which can be exploited by attackers to upload a webshell and gain server privileges...
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution !/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on:...
OFCMS background upload file upload vulnerability
OFCMS is a content management system developed based on java technology. There is a file upload vulnerability in OFCMS background upload, which can be exploited by attackers to upload webshell and gain server privileges, posing information leakage and operational security risks...
File upload vulnerability in OFCMS backend ueditor uploadVideo
OFCMS is a content management system developed based on java technology. A file upload vulnerability exists in the OFCMS backend ueditor uploadVideo, which can be exploited by an attacker to upload a webshell and gain access to the server, posing an information leakage and operational security ri...
OFCMS backend ueditor uploadImage file upload vulnerability
OFCMS is a content management system developed based on java technology. There is a file upload vulnerability in OFCMS backend ueditor uploadImage, which can be exploited by attackers to upload webshell and gain server privileges, posing information leakage and operational security risks...
OFCMS backend ueditor uploadScrawl file upload vulnerability
OFCMS is a content management system developed based on java technology. There is a file upload vulnerability in OFCMS backend ueditor uploadScrawl, which can be exploited by attackers to upload webshell and gain server privileges, posing information leakage and operational security risks...
File upload vulnerability in OFCMS backend ueditor uploadFIle
OFCMS is a content management system developed based on java technology. There is a file upload vulnerability in OFCMS backend ueditor uploadFIle, which can be exploited by attackers to upload webshell and gain server privileges, posing information leakage and operational security risks...