1978 matches found
B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution
Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution Date: 2020-08-27 Exploit Author: LiquidWorm Vendor Homepage: https://www.b-swiss.com Version: = 3.6.5 CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code...
CVE-2020-25790
Summary: CVE-2020-25790 affects Typesetter CMS 5.x through 5.1. A ZIP upload feature allows an admin to place a PHP file inside the archive and, after extraction, execute the code, leading to arbitrary code execution. Root cause: uploaded ZIP contents can be executed via the web interface, confli...
CVE-2020-25790
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
Fedora 32 : drupal8 (2020-a064e7dd38)
https://www.drupal.org/project/drupal/releases/8.9.5 - https://www.drupal.org/project/drupal/releases/8.9.4 - https://www.drupal.org/project/drupal/releases/8.9.3 - https://www.drupal.org/project/drupal/releases/8.9.2 - https://www.drupal.org/project/drupal/releases/8.9.1 - Drupal core - Critical...
CVE-2020-25213
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
CVE-2020-25213
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
Design/Logic Flaw
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application...
CVE-2020-11439
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application...
CVE-2020-11546
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...
CVE-2020-11546
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...
Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Request Forgery CSRF due to...
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
CVE-2020-12743
An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hiddenreq POST paramet...
CVE-2019-18869
CVE-2019-18869 affects Blaauw Remote Kiln Control (v3.00r4); leftover debug code in default.php?idx=17 allows arbitrary PHP code execution. Root cause: debug artifacts accessible via web interface, enabling full control over the PHP process. Public descriptions across Red Hat/EUVD/CNVD/NVD family...
CVE-2019-18869
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17...
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors...