
2118 matches found

CVE
added 2022/01/10 12:19 p.m., 48 views

CVE-2021-45003

The CVE-2021-45003 vulnerability affects Laundry Booking Management System (versions 1.0 and earlier). Affected component: profile.php, where the image parameter can trigger remote code execution to run a webshell payload. Documented impacts include remote code execution with high severity, as in...

CVSS 9.8, AI score 9.7, EPSS 0.03368
Exploits: 1, References: 2, Affected Software: 1
Packet Storm
added 2022/01/05 12:00 a.m., 368 views

RiteCMS 3.1.0 Shell Upload / Remote Code Execution

Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...

AI score 0.1
Exploits: 0
Exploit DB
added 2022/01/05 12:00 a.m., 412 views

RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...

AI score 7.4
Exploits: 0
CNVD
added 2021/12/24 12:00 a.m., 7 views

Wordpress plugin Download From Files arbitrary file upload vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. WordPress Download From Files is a file relay and download software. An attacker can use the vulnerability to upload webshell and gain server privileges...

AI score 2.7
Exploits: 0, References: 1
OSV
added 2021/12/20 3:15 a.m., 3 views

CVE-2021-44159

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or a denial of service attack...

CVSS 9.8, AI score 6.1, EPSS 0.04763
Exploits: 0, References: 1
CVE
added 2021/12/20 3:10 a.m., 54 views

CVE-2021-44159

CVE-2021-44159 concerns 4MOSAn GCB Doctor’s file upload function, where improper user privilege control allows an unauthenticated remote attacker to upload arbitrary files (including webshells) and potentially execute code, enabling arbitrary system operations or a denial of service. The vulnerab...

CVSS 10, AI score 9.9, EPSS 0.04763
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2021/12/17 8:15 p.m., 15 views

CVE-2021-23814

This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload...

CVSS 8.8, EPSS 0.02089
Exploits: 0, References: 7
Packet Storm
added 2021/12/10 12:00 a.m., 429 views

Free School Management Software 1.0 Shell Upload

Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

Exploits: 0
0day.today
added 2021/12/10 12:00 a.m., 113 views

Free School Management Software 1.0 - Remote Code Execution Vulnerability

Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

AI score 0.5
Exploits: 0
Gitee
added 2021/12/09 8:36 p.m., 6 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter6.7 U2+ vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+. Need test - vCenter 6.5 LinuxVCSA/Window Waiting For Test -...

CVSS 10, AI score 10, EPSS 0.93821
Exploits: 47
ThreatPost
added 2021/12/03 1:17 p.m., 67 views

Threat Group Takes Aim Again at Cloud Platform Provider Zoho

State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s...

CVSS 9.8, AI score 9.9, EPSS 0.943
Exploits: 6, References: 8
CNVD
added 2021/11/30 12:00 a.m., 12 views

ZrLog Command Execution Vulnerability

ZrLog is a blogging system developed using the Java language. A command execution vulnerability exists in ZrLog version 2.2.2, which can be exploited by an attacker to upload a JSP file to obtain a WebShell...

CVSS 9.8, AI score 9.5, EPSS 0.04519
Exploits: 1, References: 1
Packet Storm
added 2021/11/30 12:00 a.m., 343 views

Laundry Booking Management System 1.0 Remote Code Execution

Exploit Title: Laundry Booking Management System 1.0 - Remote Code Execution RCE Date: 29/11/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

AI score 0.5
Exploits: 0
0day.today
added 2021/11/30 12:00 a.m., 500 views

Laundry Booking Management System 1.0 - Remote Code Execution Exploit

Exploit Title: Laundry Booking Management System 1.0 - Remote Code Execution RCE Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

Exploits: 0
NVD
added 2021/11/28 9:15 p.m., 7 views

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

CVSS 9.8, EPSS 0.04519
Exploits: 1, References: 1
OSV
added 2021/11/28 9:15 p.m., 1 view

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

CVSS 9.8, AI score 5.8, EPSS 0.04519
Exploits: 1, References: 1
Prion
added 2021/11/28 9:15 p.m., 10 views

Design/Logic Flaw

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

CVSS 7.5, AI score 9.5, EPSS 0.04519
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/11/28 8:27 p.m., 34 views

CVE-2021-44093

CVE-2021-44093 affects zrlog 2.2.2. A Remote Command Execution vulnerability exists in the avatar upload function, allowing bypass of the original limit and uploading a JSP file to obtain a WebShell. Multiple sources (NVD/NVDC, CNVD, Red Hat, CNVD, CNNVD, CVE listing) corroborate the issue and it...

CVSS 9.8, AI score 9.6, EPSS 0.04519
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/11/28 8:27 p.m., 9 views

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

AI score 9.8, EPSS 0.04519
Exploits: 1, References: 1
CNNVD
added 2021/11/28 12:00 a.m., 4 views

ZrLog Code Issue Vulnerability

ZrLog is a blogging system developed using the Java language. A command execution vulnerability exists in ZrLog version 2.2.2, which can be exploited by an attacker to upload a JSP file to obtain a WebShell...

CVSS 9.8, AI score 5.8, EPSS 0.04519
Exploits: 1, References: 2