2118 matches found
File Upload Vulnerability in Patrol Cloud Light Forum System (CNVD-2021-99759)
Patrol cloud light forum system is an open source web application built on a JAVA and MYSQL architecture, including forum and Q&A modules. Patrol cloud light forum system has a file upload vulnerability that an attacker can use to upload a webshell and obtain server privileges...
Exploit for Server-Side Request Forgery in Microsoft
python sendwebshellmail.py https://mail16.echod.com aaa@echo...
Wordpress Plugin Smart Product Review Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language. Smart Product Review is a versatile review package for users' WooCommerce stores. WordPress plugin Smart Product Review arbitrary file upload vulnerability can be exploited by an attacker to upload a webshell and gain server...
Online Learning System 2.0 - Remote Code Execution Exploit
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...
Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far: technology,...
Unrestricted file upload
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once uploaded, the avatar is stored in the /admin/uploads/ directory and is accessible by all users. By...
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once uploaded, the avatar is stored in the /admin/uploads/ directory and is accessible by all users. By...
Exploit for Unrestricted Upload of File with Dangerous Type in Engineers_Online_Portal_Project Engineers_Online_Portal
CVE-2021-42669 CVE-2021-42669 - Remote code execution via unre...
Mara CMS File Upload Vulnerability
Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...
Mara CMS Code Issue Vulnerability
Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...
Engineers Online Portal 1.0 - File Upload Remote Code Execution Vulnerability
Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Exploit Author: SadKris Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windows 11...
Engineers Online Portal 1.0 Shell Upload
Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Date: 10/23/2021 Exploit Author: SadKris Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windo...
rConfig SQL Injection Vulnerability (CNVD-2021-99274)
rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...
CVE-2021-29004
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
SQL injection
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
CVE-2021-29004
CVE-2021-29004 affects rConfig 3.9.6 with a SQL Injection vulnerability. The vulnerability requires authentication to exploit; if the MySQL server is the same as rConfig and --secure-file-priv is not set, an attacker could upload a webshell and access it remotely. Public references indicate sever...
AF-ShellHunter - Auto Shell Lookup
AF-ShellHunter: Auto shell lookup AF-ShellHunter is a script designed to automate the search of webshells in AF Team How to pip3 install -r requirements.txt python3 shellhunter.py --help Basic Usage You can run shellhunter in two modes --url -u When scanning a single url --file -f Scanning...
Online Traffic Offense Management System 1.0 - Multiple Remote Code Execution Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...