2122 matches found
Code execution vulnerability in zzzphp
zzzphp is a free website building system developed using PHP. A code execution vulnerability exists in zzzphp. An attacker can exploit this vulnerability to execute arbitrary PHP code and directly obtain a webshell...
File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Wid*** File
ThinkCMF is a Chinese content management framework based on PHP+MySQL. A file inclusion vulnerability exists in the frontend Wid file of ThinkCMF 2.2.3. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...
File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Plu*** File
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A file inclusion vulnerability exists in the ThinkCMF 2.2.3 front-end Plu page. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...
PHPCMS ty***.php file suffers from a code injection vulnerability
PHPCMS is a web content management system based on PHP and MySQL. The system includes modules such as news, pictures, downloads, information and products. A code injection vulnerability exists in the PHPCMS ty.php file. An attacker can exploit the vulnerability to write arbitrary...
File upload vulnerability in PHPOK frontend us***.php file
PHPOK is an enterprise website CMS developed in PHP and MySQL. A file upload vulnerability exists in the us.php file in the frontend of PHPOK. It allows attackers to upload a webshell and gain server privileges...
Multiple vulnerabilities in the cadre online learning platform of Hangzhou Elite Online Education Technology Co.
Hangzhou Elite Online Education Technology Co., Ltd. is an online learning brand for cadres that has built large-scale cadre education platforms for leading cadres of many organization ministries and other organs in China, providing all-round intelligent learning solutions. There is...
Novahot - A Webshell Framework For Penetration Testers
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and Python. Beyond executing system commands, novahot is able to emulate interactive terminals...
Recently-Patched Adobe ColdFusion Flaw Exploited By APT
An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who...
DocCms 2016 version has a file upload vulnerability at the backend templates
DocCMS, the "rice husk" enterprise website building system (also known as rice husk CMS or doccms, and formerly known as the "deep throat" enterprise building system ShlCms), is the industry's leading free open source enterprise website building and generation system. DocCms 2016 version of the file...
Arbitrary File Upload Vulnerability in the Frontend of Online Training System of Beijing Xinqi Technology Co.
Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. An arbitrary file upload vulnerability exists in the frontend of the online training system of Beijing Xinqi Technology Co. The vulnerability allows a...
Webshell Bypass Vulnerability in Web Security Dog (IIS Edition) V4.0
Website Security Dog IIS Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features for comprehensive website security. A webshell bypass vulnerability exists in Web Security Dog IIS Edition V4.0. An attacker can...
File Upload Vulnerability in JEECMS v9.3
JEECMS, developed by Jiangxi Jinlei Technology Development Co., Ltd., supports WeChat mini programs, WeChat official accounts / service accounts, column models and cross-customization of content models, as well as payment and financial settlement for content e-commerce, as one of the conte...
File Upload Vulnerability in DESTOON B2B Website Management System
DESTOON B2B website management system is an open source B2B e-commerce industry portal solution based on PHP+MySQL. Currently, it has models of launchers, substations, malls, supply, requisition, quotation, companies, exhibitions, articles, information, PinPong, group purchasing, galleries,...
DedeCMS File Write Vulnerability
DedeCMS is a PHP-based web content management system (CMS). A file write vulnerability exists in files in DedeCMS version 5.7 SP2, which can be exploited by an attacker to create a script file and obtain a webshell...
CVE-2018-16785
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2, which attackers can use to create a script file and obtain a webshell...
Design/Logic Flaw
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2, which attackers can use to create a script file and obtain a webshell...
CVE-2018-16785
The connected sources confirm a concrete vulnerability in DedeCMS v5.7 SP2 (PHP-based CMS): a file-write flaw that attackers can exploit to write a script file and obtain a webshell. This CVE (CVE-2018-16785) is described as affecting DedeCMS 5.7 SP2 with XML injection/file-write mechanics enabli...
Click It Up: Targeting Local Government Payment Portals
FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...