2122 matches found
CVE-2017-7432
CVE-2017-7432 affects Novell iManager 2.7.x prior to 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x prior to 3.0.3.1. The connected records confirm a webshell upload vulnerability in these versions. No explicit root cause, exploit details, or impact beyond webshell upload are provided in the documen...
Arbitrary File Upload Vulnerability in Dahua Alarm Operation and Management Platform Devices
Dahua Alarm Center Management Platform is a comprehensive system solution centered on alarm reception and processing. Arbitrary file upload vulnerability exists in the device/emap/gis/bitmap/modify.jsp page of Dahua alarm operation and management platform. It allows an attacker to upload a webshe...
File upload vulnerability in semcms shqk_Admin/SEMCMS_Upfile.php file
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers. The PHP version of SemCms is written in PHP and runs with Apache on Windows or Linux. Semcms...
Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform
Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to upload a webshell and gain server...
Symphony CMS <= 2.6.11 RCE Vulnerability
Symphony CMS is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CSRF Vulnerability in Ocean CMS V6.48
Ocean Movie System, aka Ocean CMS (seacms), is a PHP movie system. There is a CSRF vulnerability in the back-end SQL execution form of Ocean CMS, which attackers can exploit by tricking administrators into clicking malicious links, causing SQL statements to be executed and a webshell to be written to gain server...
YXCMS backend new template with SQL execution function has arbitrary file write vulnerability
Yxcms is an enterprise building system based on PHP and MySQL. The YXCMS backend new-template and SQL execution functions have an arbitrary file write vulnerability; attackers can exploit it to write a webshell and get server privileges...
Arbitrary code execution vulnerability in FineCms backend controllers\admin\MemberController.php page
FineCMS is a content management system developed using MVC architecture and a PDO database interface. An arbitrary code execution vulnerability exists in the FineCMS backend controllers\admin\MemberController.php page. Because the submitted data is not effectively filtered, an attacker can exploit...
Symphony CMS Remote Code Execution Vulnerability
Symphony CMS is a content management system (CMS) developed in PHP and MySQL. The system supports search engine optimization, module extension and so on. A remote code execution vulnerability exists in the symphony/content/content.blueprintsdatasources.php file in Symphony CMS 2.6.11 and earlier...
Remote code execution
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor...
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor...
CVE-2017-7694
Symphony CMS
CVE-2017-7625
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code...
Code injection
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code...
CVE-2017-7625
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code...
CVE-2017-7625
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code...
CVE-2017-7625
CVE-2017-7625 affects Fiyo CMS 2.x up to 2.0.7. An attacker can upload a webshell by sending the content parameter to /dapur/apps/app_theme/libs/save_file.php, enabling remote code execution. Multiple sources corroborate the same description (NVD, CNVD, CVE lists). The exact root cause is imprope...
PHPCMS V9.6 WAP Module Arbitrary File Upload Vulnerability
PHPCMS is a web content management system based on PHP and MySQL. The system includes modules such as news, pictures, downloads, information and products. The PHPCMS V9.6 WAP module does not strictly filter the extensions of files uploaded by front-end users, resulting in an arbitrary file...
Design flaws in the backend of Zendo project management software of Qingdao Easoft Tianchuang Network Technology Co.
Zendo is free, open source project management software. The backend of the Zendo project management software from Qingdao Easoft Tianchuang Network Technology Co., Ltd has design flaws that allow attackers to use the backend SQL query function to write a webshell and gain server privileges...
Remote Command Execution Vulnerability in Next-Generation Firewall System of SinoCom-ArtM
The InforCube Next-Generation Firewall (NFW) is a comprehensive security gateway solution. A remote command execution vulnerability exists in the InforCube Next-Generation Firewall system. The vulnerability allows an attacker to write PHP code into a file by modifying the install.php post...