519 matches found
PT-2026-21673
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
DotCMS Security Vulnerability
DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...
CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
📄 dotCMS 25.07.02-1 Security Scanner
dotCMS version 25.07.02-1 Python scanning script that looks for remote SQL injection. Title: dotCMS 25.07.02-1 Security Scanner | Author: indoushka |...
📄 dotCMS 24.04.24 Vulnerability Scanner
dotCMS version 24.04.24 advanced exploitation Python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. Title:...
📄 dotCMS 25.07.02-1 SQL Injection
This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...
📄 dotCMS 25.07.02-1 SQL Injection
dotCMS version 25.07.02-1 suffers from an authenticated remote blind SQL injection vulnerability. !/usr/bin/env python3 Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Google Dork: N/A Date: 2025-09-09 Exploit Author: Matan Sandori OSCP, OSEP, OSWE Vendor...
EUVD-2017-12313
Malware in sbrugna...
EUVD-2016-5046
Malware in sbrugna...
EUVD-2017-3087
Malware in sbrugna...
EUVD-2017-14449
Malware in sbrugna...
EUVD-2017-12315
Malware in sbrugna...
EUVD-2016-9728
Malware in sbrugna...
EUVD-2019-3946
Malware in sbrugna...
EUVD-2016-9731
Malware in sbrugna...
EUVD-2021-22004
Malware in sbrugna...
EUVD-2008-3694
Malware in sbrugna...
EUVD-2017-14950
Malware in sbrugna...