28 matches found
CVE-2021-26642 XpressEngine file upload vulnerability
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is...
XpressEngine 跨站脚本漏洞
XpressEngine XE is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. With an open source license, anyone can use or modify it, and as an open project, anyone can participate in its development. XE suffers from a security vulnerability that stem...
XpressEngine 跨站脚本漏洞
XpressEngine is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. A security vulnerability exists in XpressEngine, which stems from the fact that in XE 1.116, there is no restriction on file extensions when uploading a Normal button. An attacke...
XpressEngine 1.4.5.7 Persistent XSS Vulnerability
No description provided by source. Exploit Title: XpressEngine version 1.4.5.7 Persistent XSS Vulnerability Date: 2011.08.08 Author: v0nSch3lling Software Link: http://www.xpressengine.com Version: 1.4.5.7 Tested on: Microsoft Windows XP SP2 Case 1. Memeber ManagementDelete Account - Target :...
XpressEngine 1.4.5.7 - Persistent Cross-Site Scripting
XpressEngine 1.4.5.7 - Persistent Cross-Site Scripting Exploit Title: XpressEngine version 1.4.5.7 Persistent XSS Vulnerability Date: 2011.08.08 Author: v0nSch3lling Software Link: http://www.xpressengine.com Version: 1.4.5.7 Tested on: Microsoft Windows XP SP2 Case 1. Memeber ManagementDelete...
XpressEngine 1.4.5.7 Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: XpressEngine version 1.4.5.7 Persistent XSS Vulnerability Date: 2011.08.08 Author: v0nSch3lling Software Link: http://www.xpressengine.com Version: 1.4.5.7 Tested on: Microsoft Windows XP SP2 Case 1. Memeber ManagementDelete...
XpressEngine 1.4.5.7 - Persistent Cross-Site Scripting
Exploit Title: XpressEngine version 1.4.5.7 Persistent XSS Vulnerability Date: 2011.08.08 Author: v0nSch3lling Software Link: http://www.xpressengine.com Version: 1.4.5.7 Tested on: Microsoft Windows XP SP2 Case 1. Memeber ManagementDelete Account - Target : Memeber Management...
ZeroBoard 4.1 pl7 - now_connect() Remote Code Execution
ZeroBoard 4.1 pl7 - nowconnect Remote Code Execution / poc by kyoungchip,jang email : [email protected] the bug - http://www.xpressengine.com/15955761 Application - Zeroboard 4.1 pl7 Reference: - http://www.nzeo.com - Zeroboard pregreplace vulnerability Remote nobody exploit by n0gada Targe...