154 matches found
SQL Injection Vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co. Ltd (CNVD-2021-12806)
Mu Feng CMS is Shijiazhuang JieSuo network in 2020 launched a newest use think PHP framework of the backend management system of the site. Shijiazhuang Jiesou Network Technology Co., Ltd Mu Feng CMS has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive...
File upload vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co.(CNVD-2020-68885)
Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website background management system. A file upload vulnerability exists in Shijiazhuang Jiesou Network Technology Co. An attacker can exploit this vulnerability to gain control of the web...
Shijiazhuang Jiesou Network Technology Co., Ltd. Mu Feng CMS has unauthorized access vulnerability
Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website background management system. A file upload vulnerability exists in Shijiazhuang Jiesou Network Technology Co. An attacker can use this vulnerability to directly modify the administrat...
feng-shui-artist.de Cross Site Scripting vulnerability OBB-1340618
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
File Upload Vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co.
Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website backend management system. Shijiazhuang Jiesou Network Technology Co., Ltd. Mu Feng CMS file upload vulnerability, an attacker can use the vulnerability to obtain control of the web...
China's Border Guards Secretly Installing Spyware App on Tourists' Phones
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang XUAR is an autonomous territory and home to many Muslim ethnic...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...
CVE-2019-9623
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...
CVE-2019-9623
CVE-2019-9623 affects Feng Office 3.7.0.5. Remote code execution is possible via the injection vector "
Feng Office Arbitrary Code Execution Vulnerability
Feng Office is an open source online collaboration system , using the B/S architecture , using php language development . An arbitrary code execution vulnerability exists in Feng Office 3.7.0.5. A remote attacker can exploit this vulnerability by using the "! --exec cmd=" in the...
Feng Office 3.7.0.5 Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
Feng Office 3.7.0.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...
Feng Office 3.7.0.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...
LFCMS Information Disclosure Vulnerability
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A security vulnerability exists in LFCMS version 3.8.6. An attacker can exploit the vulnerability to disclose the full path with the help of /install.php?s=/1 URI...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00992)
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A cross-site request forgery vulnerability exists in the admin.php?s=/Member/add.html page in LFCMS version 3.8.6. A remote attacker can exploit this vulnerability to perform unauthorized operations...
LFCMS Directory Traversal Vulnerability
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. LFCMS version 3.8.6 of http://www.a.com:84/admin.php?s=/Template/index.html页面存在目录遍历漏洞. An attacker can exploit this vulnerability with the help of the '...' sequence in the Template/edit/path URIs. ' sequence in...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
Directory traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
Path traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...