2122 matches found
CVE-2017-1000125
Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...
CVE-2017-1000125
CVE-2017-1000125 affects Codiad. The vulnerability arises because full-version Codiad allows writing arbitrary data to its installation configuration file, enabling an attacker to upload a webshell. The issue is described consistently across sources as a file upload/configuration write flaw leadi...
TPshop open source mall system 2.0 eval-stdin.php file there is a backdoor default vulnerability
TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . TPshop open source mall system 2.0 eval-stdin.php file has a backdoor vulnerability . Attackers send POST requests containing malicious...
PowerShell Penetration Testing Framework: Nishang
Nishang is an open source framework and collection of powerful PowerShell scripts and payloads that you can use during penetration testing audit, post exploitation phase or other stages of offensive security auditing. Nishang is useful during various phases of a security auditing process and has...
Code execution vulnerability in SDCMS v1.2 themecontroller.php
SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v1.2 version themecontroller.php code execution vulnerability, the attacker by writing Webshell to obtain server privileges...
Command Execution Vulnerability in MetInfo Version 5.3.19
MetInfo is a Content Management System CMS developed using PHP and Mysql. A command execution vulnerability exists in MetInfo version 5.3.19 patch bypass. After logging in to the system, an attacker can upload a file through the address bar icon, corresponding to change the name of the image file...
File Upload Vulnerability in V5.4 Backstage upload_bm1.asp Page of NetShow Shopping System
Net show shopping system is a shopping site developed with asp + access. A file upload vulnerability exists in the background uploadbm1.asp page of NetShow Shopping System V5.4. It allows an attacker to upload a webshell and gain server privileges...
Apache Tomcat Upload Bypass / Remote Code Execution(CVE-2017-12617)
CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution RCE vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...
dedecms最新版本后台getshell
官方下载最新安装包http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz 环境:Linux+phpstudy 上传图片抓包 POST /dedecms/include/dialog/selectimagespost.php?CKEditor=body&CKEditorFuncNum=2&langCode=zh-cn HTTP/1.1 Host: Content-Length: 42080 Cache-Control: max-age=0 Origin: http://...
Aerohive Networks HiveManager Remote Shell Upload Exploit
Exploit for hardware platform in category web applications I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and...
Exploit for Buffer Underflow in Microsoft
github 军火库 web,安全,渗透,军火库 漏洞及渗透练习平台: WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application漏洞练习平台 https://github.com/RandomStorm/DVWA 数据库注入练习平台 https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Goat...
Reinstallation Bypass Vulnerability in ZZCMS Version 8.1
ZZCMS is an enterprise website builder. A reinstallation bypass vulnerability exists in ZZCMS version 8.1. The vulnerability is caused by determining whether the lock file is installed at step1, which can be directly submitted by POST to the later steps of the reinstallation, allowing an attacker...
Arbitrary File Upload Vulnerability in OTCMS v2.56
Net Titanium Article Management System OTCMS is a simple and good asp article management system. OTCMS v2.56 has an arbitrary file upload vulnerability. The vulnerability is due to the background upload file did not strictly check the file content and file suffix caused by the attacker is allowed...
XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability
Xing Yunhai CMS XYHcms is a completely open source CMS content management system. XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability. Attackers use this vulnerability to obtain server privileges by writing Webshell...
File Upload Vulnerability in Infinite Streaming Media System (AMS) of Beijing Zhongshi Media Technology Co.
Infinite Streaming Media System AMS is a complete set of IP network-based audio/video application platform, integrating CTVTV's live video broadcasting system, video-on-demand VOD system, video broadcasting system and video production sub-systems, aiming to provide users with a complete set of...
Command Execution Vulnerability in Synergy Certification Billing System
Lingfeng authentication billing system is a new generation of RADIUS authentication billing management software developed by Shenzhen Shuangmeng Technology Co., Ltd, which supports standard RADIUS protocol and extended RADIUS protocol. Symphony Authentication Billing System has a command executio...
Two Arbitrary File Upload Vulnerabilities Exist in the Backend of Bunker Buster Machine
Bunker Fortress is the industry's first software form of the Fortress, providing a centralized authentication, centralized access authorization, centralized access management, centralized operation audit and a single point of simplified operation and management required for remote operations and...
ThinkPHP Cache Functions Have Design Flaw Vulnerability
ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is due to ThinkPHP in the use of cache data serialization, stored in the php file caused...
SQL Injection and Arbitrary Traversal Download Vulnerabilities in Zhejiang Dahua Intelligent Operation and Maintenance Management System
Zhejiang Dahua Intelligent Operation and Maintenance Platform, based on the field of video surveillance in the security industry, adopts the technologies of intelligent analysis, fault detection and workflow engine, integrates the functions of video quality diagnosis, video recording checking and...
Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function
JEECMS is a JEECMSv8.1 version is a collection of PC Internet, mobile Internet and WeChat website in one of the website group management system. JeeCMS v8.1 template management function exists file write, arbitrary file naming, arbitrary file creation vulnerability. An attacker can exploit the...