SEO Panel 4.6.0 - Remote Code Execution (2)
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution 2 | Date: 22 Jan 2021 | Exploit Author: Kr0ff | Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/ | Software Link: https://www.seopanel.org/spdownload/4.6.0 | Version: 4.6.0 | Tested on: Ubuntu 20.04 | #!/usr/bin/env python3 ''' DESCRIPTION...
Document Uploading Vulnerability in Bidding and Procurement Management System of Guangdong Guangling Information Technology Co.
Founded in April 1998 and headquartered in Jinshan Park of Tianhe Software Park, a national software industry base, Guangdong Guangling Information Technology Co., Ltd. has been focusing on the fields of Big Data, Cloud Computing and Artificial Intelligence. A file upload vulnerability exists in...
Shaanxi Jinhua Network Technology Co., Ltd. digital newspaper management platform has file upload vulnerability
Shaanxi Jinhua Network Technology Co., Ltd. (abbreviation: Jinhua Technology) is a new media technology company, mastering PDF intelligent anti-decomposition technology, focusing on the development of new media software for the digital newspaper industry, and now has a complete series of software products for the digital newspaper...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2020-17144-EXP. Requirements: Exchange 2010; a regular user account. Default usage (writes a webshell): CVE-2020-17144-EXP.exe mail.example.com user pass. Command execution & port reuse: modify ExploitClass.cs. Reference: @zcgonvh...
File Upload Vulnerability in MessageSolution Enterprise Email Archive Management System EEA
MessageSolution is a developer of enterprise email archiving software. A file upload vulnerability exists in the MessageSolution enterprise email archiving management system EEA. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Management Easy Series Software of Guangzhou eCapital Software Technology Co.
Guangzhou eCapital Software Technology Co., Ltd. was founded in 2008 and has been focusing on research and development of management software for the advertising industry. It is an advertising industry management software vendor committed to providing management software services for a large number of advertising production companies, advertising medi...
CVE-2021-21245
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
Design/Logic Flaw
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
CVE-2021-21245
CVE-2021-21245 affects OneDev prior to 4.0.3, where AttachmentUploadServlet saves user-controlled data from the request into a user-specified path via the File-Name header. This can enable arbitrary file upload and potential WebShell deployment on the OneDev server. The issue is addressed in 4.0.3 by...
CVE-2021-21245 Pre-Auth Arbitrary File Upload
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
File Upload Vulnerability in Niushop Multi-Merchant System
Shanghai Niuzhiyun Network Technology Co., Ltd. is a technology research and development-oriented enterprise focused on mobile Internet and e-commerce software. A file upload vulnerability exists in the Niushop multi-merchant system. Attackers can use the vulnerability to upload a webshell and...
File Upload Vulnerability in Niushop Multi-Merchant System (CNVD-2021-07501)
Shanghai Niuzhiyun Network Technology Co., Ltd. is a technology research and development-oriented enterprise focused on mobile Internet and e-commerce software. A file upload vulnerability exists in the Niushop multi-merchant system. Attackers can use the vulnerability to upload a webshell and...
BumbleBee Opens Exchange Servers in xHunt Spy Campaign
A webshell called BumbleBee has taken flight in an ongoing xHunt espionage campaign that has targeted Microsoft Exchange servers at Kuwaiti organizations. According to researchers at Palo Alto Networks’ Unit 42, BumbleBee (so named because of its color scheme) was observed being used to upload and...
Employee Record System 1.0 Shell Upload
Exploit Title: Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution | Exploit Author: Saeed Bala Ahmed r0b0tG4nG | Date: 2021-01-05 | Vendor Homepage: https://www.sourcecodester.com/php/14588/employee-record-system-phpmysqli-full-source-code.html | Software Link:...
U.S. Dept Of Defense: [hta3] Remote Code Execution on ████
Vulnerability description not provided...
2020 Ends With A Bang
December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...
File Upload Vulnerability in OpenLab Programming Network Teaching and Exam Platform of Shanghai Rigel Software Co.
OpenLab is a comprehensive teaching management and experiment platform for program design teaching, daily practice, on-line experiment, unit test, mid-term and final exam. A file upload vulnerability exists in the OpenLab Programming Network Teaching and Testing Platform of Shanghai Rigel Softwar...
Actively exploited vulnerability fixed in SolarWinds Orion
SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...
UCMS suffers from a file upload vulnerability (CNVD-2021-00046)
UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...