Code Execution Vulnerability in Rice CMS v5.9.9

DAMI CMS is a free open-source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smartphone station building solutions. A code execution vulnerability exists in Daimi CMS v5.9.9, which is caused by the...

File upload vulnerability in ShopsN v2.2.5 official front-end AppUploadController.class.php page

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of open source online store full network system. ShopsN v2.2.5 official version of the front AppUploadController.class.php page file upload...

File upload vulnerability in the AppUploadController.class.php page in the frontend of ShopsN v2.2.5 official version (CNVD-2018-02969)

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. ShopsN v2.2.5 official version of the front AppUploadController.class.php page file...

Cybercriminals target early IRS 2018 refunds now

On Monday, Jan 29th, IRS officially opened its 2018 season. Some taxpayers already filed their taxes and cybercriminals know it too. So, right after two days of the official 2018 season opening, we got phishing messages with a fake refund status Websites: The link in the email leads to a hacked...

Arbitrary File Creation Vulnerability in YidaCMS Web Management System JS1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. YidaCMS website management system JS1.8.0 version exists arbitrary file creation vulnerability, the attacker through the creation of parsable script file, edit and save the Trojan code will be injected into th...

Renaming Vulnerability in YidaCMS Web Management System JS 1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. A renaming vulnerability exists in version JS1.8.0 of the YidaCMS website management system, which allows an attacker to upload an image Trojan using the kingeditor editor employed by the website and rename th...

Rename vulnerability in ourphp v1.8.0

Ourphp website building system is a php+mysql website building system. ourphp v1.8.0 version exists renaming vulnerability, the attacker will Trojan horse code injected into the edited file, rename the file as an executable script file, so as to obtain the website webshell...

File upload vulnerability in ourphp v1.8.0

Ourphp website building system is a php+mysql website building system. ourphp v1.8.0 version of the existence of file upload vulnerability, attackers can be edited through the background online template comes with the upload point to upload any suffix file and write a script Trojan, so as to obta...

Arbitrary File Creation Vulnerability in ourphp v1.8.0

Ourphp website building system is a php+mysql website building system. ourphp v1.8.0 version of the existence of arbitrary file creation vulnerability, the attacker can be edited through the background of the online template comes with the creation point to create any suffix file and write Trojan...

Code Execution Vulnerability in YidaCMS Web Management System JS1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. A code execution vulnerability exists in version JS1.8.0 of the YidaCMS website management system, which allows an attacker to obtain a website webshell by editing any parsable script file within the website a...

Local File Inclusion Vulnerability in phpyun v4.3.1 Beta

PHP cloud talent system phpyun is an open source talent and enterprise job search recruitment, hiring solutions built using PHP and MySQL database. A local file inclusion vulnerability exists in phpyun v4.3.1 Beta. An attacker can obtain a webshell by including an external php file to execute a...

OTCMS PHP_V2.83 code execution vulnerability in sysCheckFile_deal.php file

Nettitanium Article Management System OTCMS is a news/article publishing website using PHP+sqlite/mysql. A code execution vulnerability exists in the OTCMS PHPV2.83 sysCheckFiledeal.php file. An attacker can obtain a webshell by executing sql statements and writing a one-sentence trojan...

Webshell Bypass Vulnerability in Web Security Dog (IIS Edition)

Website Security Dog IIS Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features for comprehensive website security. Webshell bypass vulnerability exists in Web Security Dog IIS Edition. An attacker can uplo...

File upload vulnerability in ecshop V3.6 backend

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. A file upload vulnerability exists in the...

D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Table of contents 00 - Introduction 00.1 Background 01 - Unrestricted File Upload 01.1 - Vulnerable code analysis 01.2 - Remote exploitation 02 - Command Injection 02.1 - Vulnerable code analysis 02.2 - Remote exploitation 03 - Credit 04 - Proof of concept 05 - Solution 06 - Contact information 0...

Code Execution Vulnerability in DouPHP V1.3

Douphp is a lightweight enterprise website management system based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. A code execution vulnerability exists in DouPHP V1.3. Allow attackers to exploit the vulnerability to write webshell, execute arbitrary cod...

Code Execution Vulnerability in YUNUCMS 1.0.6

YUNUCMS is a three-network, open source content management system with its own substation system. YUNUCMS version 1.0.6 has a code execution vulnerability, attackers can get webshell by writing PHP code in the configuration file...

Code execution vulnerability in DedeCMS V5.7 SP2 dedesys_info.php file

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 dedesysinfo.php file has a code execution vulnerability. The vulnerability is due to change the system configuration , parameters are not filtered directly into the database , from the...

ECShop 3.6 version of the background template.php file file upload vulnerability

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. A file upload vulnerability exists in the...

Code execution vulnerability in DedeCMS V5.7 SP2 dede/sys_sql_query.php file

Weaving dream content management system DedeCms is a PHP open source website management system. A code execution vulnerability exists in the DedeCMS V5.7 SP2 dede/syssqlquery.php file. An attacker can obtain a webshell by executing a sql statement and writing a one-sentence Trojan...