📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

EUVD-2018-4974

Malware in sbrugna...

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. A security vulnerability exists in versions prior to DNN 10.1.0, which stems from...

Deserialization of untrusted data

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...

CVE-2018-13024

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...

CVE-2018-13024

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...

joyplus-cms Arbitrary File Upload Vulnerability

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...

ViArt Shop 4.2.1 CSRF / XSS / SQL Injection / File Upload

ViArt Shop 4.2.1 Mullti Vulnerability ===================================== Author : indoushka Vondor : www.viart.com/ Dork : PHP Ecommerce Solutions by ViArt ========================================= XSS : C:\AppServ\www\viart\articlesrss.php Line : 190 echo $xml Remote/Local File Inclusion :...

Southern data editor(southidceditor)injection 0day vulnerabilities-vulnerability warning-the black bar safety net

Injection point:newssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9 from admin where 1 or '%'='&otype=title&Submit=%CB%D1%CB%F7 It may beanother versionnewssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9,1 0 from admin where 1...

Zhuo Xun intelligent site management system EmteEasySite vulnerability 0day-vulnerability warning-the black bar safety net

| Zhuo Xun intelligent site management system ,official website:http://www. emte. com. cn/ Google:technical support:Zhuo information technology the default background:/main/login. asp //directly into the backstage to see the copyright is not EmteEasy system Exploit:the default address database ca...

Zhuo Xun intelligent site management system EmteEasySite vulnerability+get webshell method-vulnerability warning-the black bar safety net

Zhuo Xun intelligent site management system EmteEasySite Official website:http://www. emte. com. cn/ Baidu search: Technical support:Zhuo Information Technology Directly into the background to see the copyright is not EmteEasy system /main/login. asp Exploit: The default database address can be...