zbzcms arbitrary file upload vulnerability
zbzcms (station helper CMS) is a content management system from the Chinese company zbzcms. zbzcms version 1.0 has an arbitrary file upload vulnerability, which can be exploited by attackers to execute arbitrary code via specially crafted PHP files...
CVE-2022-27843
A DLL hijacking vulnerability in Kies prior to version 2.6.4.220142 allows an attacker to execute arbitrary code...
CVE-2022-27129
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27131
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27349
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27346
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27064
CVE-2022-27064: In Musical World v1, an arbitrary file upload vulnerability in uploaded_songs.php allows remote code execution via a crafted PHP file. Public PoCs show uploading a shell to /songs/uploaded_songs/shell.php due to missing file validation. Connected advisories (Red Hat RH:CVE-2022-2...
CVE-2022-26627
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...
Design/Logic Flaw
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
CVE-2022-20754 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
CVE-2021-26112
CVE-2021-26112 identifies multiple stack-based buffer overflow vulnerabilities in Fortinet FortiWAN before version 4.5.9, affecting both network daemons and the command line interpreter. The underlying issue is a buffer overflow (CWE-121) that may allow an unauthenticated attacker to corrupt memo...
CVE-2022-28062
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code...
CVE-2022-27963
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file...
Fuji Electric Alpha5
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Fuji Electric; Equipment: Alpha5; Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of these...
DrayTek Vigor Format String Vulnerability
DrayTek Vigor is a router. A format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...
Ubuntu: Security Advisory (USN-5342-1)
The remote host is missing an update for the...
Adobe Acrobat DC (Continuous) Security Update (APSB21-29) - Windows
Adobe Acrobat DC Continuous Track is prone to multiple vulnerabilities...