5 matches found
EUVD-2007-1597
Malware in sbrugna...
SUSE CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
Gurock Testrail 7.2.0.3014 Improper Access Control
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...
CVE-2019-15029
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...
DedeCMS (织梦) tag remote file write vulnerability
No description provided by source. Prerequisite: you must have your own dede database prepared, then insert the data: insert into dedemytagaid,normbody values1,''dede:php$fp = @fopen"1.php", ''a'';@fwrite$fp, '''';echo "OK";@fclose$fp;/dede:php''; Then submit using the form below; the shell will be at 1.php in the same directory. Work out how it works yourself... form action="" method="post" name="QuickSearch"...