CVE-2024-57494

Summary (CVE-2024-57494) : Neto E-Commerce CMS versions 6.313.0 through 6.3115 contain a cross-site scripting (XSS) vulnerability in the kw parameter that can be exploited by a remote attacker to escalate privileges. The issue is confirmed across multiple feeds (Red Hat, NVD, CVE List, CNNVD) wit...

Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites

Researchers have identified a credit-card skimming campaign that’s been active since mid-April that has a rather specific and unusual target: ASP.NET-based websites running on Microsoft Internet Information Services IIS servers. New research from Malwarebytes Labs recently uncovered the campaign,...

CVE-2018-16157

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save itemtotals parameter to zero, the entire cart is sold for free...

帝友P2C借贷系统前台getshell#1

简要描述： 帝友P2C借贷系统前台getshell1 详细说明： 这次是帝友公司旗下出的另一套电子商务cms 不是帝友p2p！ 官方最新版本是 帝友P2C借贷系统V1.01 上传头像处存在getshell 已官方演示站做演示 已注册账号，账号密码都是test1a 访问 http://p2c.diyou.cc/?user&m=approve/safe 上传头像，抓包 修改数据包，插入一句话木马，修改后缀为php后缀 虽然回显500，但是phpshell已经上传了 dyupfiles/avatar/diyou/用户id.php 得到...