2122 matches found
ASUSTOR ADM Remote Command Execution Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...
File Upload Vulnerability in Servcorp Highway Project Management Information System
Servcorp Highway Project Management Information System is an engineering project management platform developed for project participants. A file upload vulnerability exists in the Servcorp Expressway Project Management Information System. The vulnerability stems from the failure to strictly restri...
CVE-2018-11509
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...
Default credentials
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...
SQL Injection Vulnerability in ShopsN Open Source Online Store System
ShopsN is a free B2C e-commerce product from Shanghai Yisu Network Technology Co., Ltd.: a full-featured, enterprise-grade open source online store system that permits free commercial use. ShopsN v2.3.3 official version of the existen...
SQL Injection Vulnerability in ShopsN Open Source Online Store System (CNVD-2018-17332)
ShopsN is a free B2C e-commerce product from Shanghai Yisu Network Technology Co., Ltd.: a full-featured, enterprise-grade open source online store system that permits free commercial use. ShopsN v2.3.3 official version of the existen...
File Upload Vulnerability in WSS Project Management System
WSS Project Management System is a browser-based collaborative office platform that integrates "Project Management", "Task Management", "Work Hour Management" and "Work Log Management". An arbitrary file upload...
Arbitrary File Upload Vulnerability in UCMS Version 1.4.6
UCMS is a simple open source content management system for quickly developing enterprise sites, article sites and site systems. A file upload vulnerability exists in the \ucms\sadmin\fi.php page of UCMS version 1.4.6. An attacker can exploit the...
Arbitrary File Editing Vulnerability in UCMS Version 1.4.6
UCMS is a simple open source content management system for quickly developing enterprise sites, article sites and site systems. An arbitrary file editing vulnerability exists in the \ucms\sadmin\fi.php page of UCMS version 1.4.6. An attacker can exploit the vulnerability to edit...
SQL Injection Vulnerability in the adHandle Function of ShopsN Open Source Online Store System
ShopsN is a free B2C e-commerce product from Shanghai Yisu Network Technology Co., Ltd.: a full-featured, enterprise-grade open source online store system that permits free commercial use. ShopsN 2.3.3 official version of the adHandle...
Multiple vulnerabilities in jspxcms
jspxcms is an open source content management system based on Java and JSP technology. jspxcms has cross-site request forgery and reflected cross-site scripting vulnerabilities. Attackers can use the vulnerability to send scripts containing malicious links, to be reviewed by the administrator can b...
File Upload Vulnerability in BEESCMS Enterprise Website Management System V4.0
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in BEESCMS Enterprise Website Management System V4.0. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
phpMyAdmin 4.8.1 Local File Inclusion
The latest version downloaded from the official website; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php, lines 55 to 63. Line 61 contains include $_REQUEST['target']; This is obviously a precursor to LFI, as long as we bypass the restrictions on lines 55 to 59 Lin...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion Vulnerability
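Exploit for php platform in category web applications. The latest version downloaded from the official website; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php, lines 55 to 63. Line 61 contains include $_REQUEST['target']; This is obviously a precursor to LFI, as long ...
phpMyAdmin 4.8.1 backend getshell
The latest version downloaded from the official website; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php, lines 55 to 63. Line 61 contains include $_REQUEST['target']; This is clearly a precursor to LFI; we only need to bypass the restrictions on lines 55 to 59. Line 57 requires that the target parameter not begin with index. Line 58 requires that the target parameter not appear in $target_blacklist. Find the definition of $target_blacklist: it is on line 50 of /index.php. As long as the target parameter is not import.php or export.php...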
Prowli Malware Targeting Servers, Routers, and IoT Devices
After the discovery of the massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli,...
Code Execution Vulnerability in UQCMS B2B2C Multi-merchant E-commerce System Backend Templates
UQCMS B2B2C Multi-merchant E-commerce System is a B2B2C multi-store system built on years of e-commerce development experience. There is a code execution vulnerability in the backend template of UQCMS B2B2C Multi-merchant E-commerce System. Attackers can use this vulnerability to write...
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue...