File Upload Vulnerability in DedeCMS V5.7 SP2

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 version of the file upload vulnerability exists, the vulnerability is due to the interface failed to effectively filter the uploaded files, the attacker can use the vulnerability to...

Code Execution Vulnerability in DedeCMS V5.7 SP2

Weaving dream content management system DedeCms is a PHP open source website management system. A code execution vulnerability exists in the filemanagecontrol.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload a file and obtain a webshell...

Code execution vulnerability in DedeCMS V5.7 SP2 (CNVD-2018-01221)

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 version of the tpl.php there is a code execution vulnerability, an attacker can use the vulnerability in the addition of new tags to upload a Trojan horse, get webshell...

DedeCMS V5.7 SP2 suffers from file upload vulnerability (CNVD-2018-01222)

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 version of the dede/tpl.php file file upload vulnerability, an attacker can use the vulnerability to upload script files, can get webshell...

Remote Code Execution Vulnerability in MetInfo Version 5.3.19

MetInfo is a Content Management System CMS developed using PHP and Mysql. A remote code execution vulnerability exists in MetInfo version 5.3.19, which can be exploited by an authenticated remote attacker to obtain a webshell and gain control of the server...

Weak password and remote command execution vulnerability in Lenovo firewalls

LFW800E is a Gigabit intelligent firewall developed by Lenovo Skyworks Networks for medium-sized enterprise users' network security applications. The Lenovo firewall has weak password and remote command execution vulnerabilities, which can be exploited by an attacker to successfully log in to the...

Cross-site request forgery vulnerability in DedeCMS v5.7 backend administration at custom tags

DedeCMS is a PHP open source website management system. A cross-site request forgery vulnerability exists in DedeCMS v5.7 at the backend administration custom tags. An attacker can exploit the vulnerability by submitting a specially crafted request to write to WebShell...

File Upload Vulnerability in Thunderwind Movie CMS V3.3.0 UsersController.class.php Page

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind Movie CMS V3.3.0 File upload vulnerability exists in the UsersController.class.php page. Allows an...

NiuShop open source mall system v1.21 file upload vulnerability

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a set of PHP open source e-commerce system . NiuShop open source mall system v1.21 file upload vulnerability exists. The vulnerability is due to the...

Hangzhou Allview Software Co., Ltd. college security integrated platform upLoadAttachment.php page has file upload vulnerability

Hangzhou Allview Software Co., Ltd. is a multinational company specializing in fire safety management. A file upload vulnerability exists in the upLoadAttachment.php page of the university security integrated platform of Hangzhou Allview Software Co. It allows attackers to exploit the vulnerabili...

Command Execution Vulnerability in SOC8000 IP-PBX of Shenou Communication Equipment Co.

SOC8000 IP-PBX is a new generation of carrier-grade unified communication system. Command execution vulnerability exists in SOC8000 IP-PBX of Shenou Communication Equipment Co. It allows the attacker to construct specific code to remotely execute commands, write webshell, and obtain server...

Remote command execution vulnerability in NetMizer log management system qq.php file

The NetMizer log management system is a stand-alone log management and analysis tool. A remote command execution vulnerability exists in the NetMizer Log Management System qq.php file, allowing an attacker to upload a webshell and gain server privileges...

Multiple Vulnerabilities in Yunyou CMS Enterprise Website Management System

Yunyou CMS enterprise website management system is a professional marketing enterprise building system based on PHP + MYSQL as the core development. A file upload and reflective cross-site scripting vulnerability exists in the CloudUnion CMS enterprise website management system. The vulnerability...

File Inclusion Vulnerability in Ocean CMS V6.57 cache.inc.php file

Ocean CMS seacms is a video-on-demand system designed for webmasters with different needs. A file inclusion vulnerability exists in the ocean CMS V6.57 cache.inc.php file. The vulnerability is due to the background modification of the configuration file at the user input is not filtered, the...

File Upload Vulnerability in YUNUCMS 1.0.2

YUNUCMS is a three-network, open source content management system with its own substation system. YUNUCMS 1.0.2 version of the background file upload vulnerability exists, the vulnerability is due to the background upload failed to effectively filter the upload suffix. Attackers can use this...

Codiad File Upload Vulnerability

Codiad is a set of Web-based IDE framework , it contains a project / file manager and code editor , mainly used for online writing and editing code . A file upload vulnerability exists in Codiad. An attacker can exploit this vulnerability to upload a webshell during installation...

Command Execution Vulnerability in SessionCom Conference Call System

The conference call system is integrated with EasyMeeting Web to realize the integration of teleconferencing and web conferencing, and will be integrated with Microsoft, IBM and other industry mainstream office application software, so that the enterprise's meeting and office processes more...

CVE-2017-1000125

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...

Design/Logic Flaw

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...

CVE-2017-1000125

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...