CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

CVE-2025-22213

CVE-2025-22213 affects Joomla! media management. Inadequate checks in Media Manager let users with edit privileges change a file’s extension to arbitrary ones (including .php), enabling potential remote code execution. Affected versions include Joomla! 4.x prior to 4.4.12 and 5.x prior to 5.2.5. ...

Joomla 4.0.x < 4.4.12 / 5.0.x < 5.2.5 Joomla 5.2.5 Security & Bugfix Release (5922-joomla-5-2-5-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.12 or 5.0.x prior to 5.2.5. It is, therefore, affected by a vulnerability. - Inadequate checks in the Media Manager allowed users with edit privileges to change file extension to...

CS-Cart 1.3.3 - authenticated RCE

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

Using cmd hide from anti-virus and firewall method-vulnerability warning-the black bar safety net

我们 可以 把 SkSockServer.exe 更改 为 sk.jpg In this case, antivirus software will not check out. In direct double-click to perform the change through the extension of the program time, the system will ask in what way open, that is to say windows didn't recognize it. But we in the cmd command line it can...