Lucene search
K

154 matches found

CNVD
CNVD
added 2021/01/25 12:0 a.m.5 views

SQL Injection Vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co. Ltd (CNVD-2021-12806)

Mu Feng CMS is Shijiazhuang JieSuo network in 2020 launched a newest use think PHP framework of the backend management system of the site. Shijiazhuang Jiesou Network Technology Co., Ltd Mu Feng CMS has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/11/16 12:0 a.m.3 views

File upload vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co.(CNVD-2020-68885)

Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website background management system. A file upload vulnerability exists in Shijiazhuang Jiesou Network Technology Co. An attacker can exploit this vulnerability to gain control of the web...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/11/16 12:0 a.m.1 views

Shijiazhuang Jiesou Network Technology Co., Ltd. Mu Feng CMS has unauthorized access vulnerability

Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website background management system. A file upload vulnerability exists in Shijiazhuang Jiesou Network Technology Co. An attacker can use this vulnerability to directly modify the administrat...

7.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/16 8:49 a.m.10 views

feng-shui-artist.de Cross Site Scripting vulnerability OBB-1340618

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
CNVD
CNVD
added 2020/08/25 12:0 a.m.2 views

File Upload Vulnerability in Mu Feng CMS of Shijiazhuang Jiesou Network Technology Co.

Mu Feng CMS is Shijiazhuang JieSuo network 202 years launched a newest use of think PHP framework of the website backend management system. Shijiazhuang Jiesou Network Technology Co., Ltd. Mu Feng CMS file upload vulnerability, an attacker can use the vulnerability to obtain control of the web...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/03 8:8 a.m.2 views

China's Border Guards Secretly Installing Spyware App on Tourists' Phones

Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang XUAR is an autonomous territory and home to many Muslim ethnic...

6.3AI score
Exploits0
NVD
NVD
added 2019/03/07 5:29 a.m.13 views

CVE-2019-9623

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...

9.8CVSS9.7AI score0.08116EPSS
Exploits1References2
OSV
OSV
added 2019/03/07 5:29 a.m.3 views

CVE-2019-9623

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...

9.8CVSS7.9AI score0.08116EPSS
Exploits1References2
CVE
CVE
added 2019/03/07 5:0 a.m.48 views

CVE-2019-9623

CVE-2019-9623 affects Feng Office 3.7.0.5. Remote code execution is possible via the injection vector "

9.8CVSS9.6AI score0.08116EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/03/07 12:0 a.m.3 views

Feng Office Arbitrary Code Execution Vulnerability

Feng Office is an open source online collaboration system , using the B/S architecture , using php language development . An arbitrary code execution vulnerability exists in Feng Office 3.7.0.5. A remote attacker can exploit this vulnerability by using the "! --exec cmd=" in the...

9.8CVSS8.4AI score0.08116EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/02/28 12:0 a.m.25 views

Feng Office 3.7.0.5 Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/02/28 12:0 a.m.16 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

Feng Office 3.7.0.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

7.7AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.67 views

Feng Office 3.7.0.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.274 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/12/31 12:0 a.m.3 views

LFCMS Information Disclosure Vulnerability

Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A security vulnerability exists in LFCMS version 3.8.6. An attacker can exploit the vulnerability to disclose the full path with the help of /install.php?s=/1 URI...

7.5CVSS6.8AI score0.01287EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/31 12:0 a.m.5 views

LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00992)

Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A cross-site request forgery vulnerability exists in the admin.php?s=/Member/add.html page in LFCMS version 3.8.6. A remote attacker can exploit this vulnerability to perform unauthorized operations...

8.8CVSS7AI score0.00523EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/31 12:0 a.m.5 views

LFCMS Directory Traversal Vulnerability

Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. LFCMS version 3.8.6 of http://www.a.com:84/admin.php?s=/Template/index.html页面存在目录遍历漏洞. An attacker can exploit this vulnerability with the help of the '...' sequence in the Template/edit/path URIs. ' sequence in...

4.9CVSS7AI score0.01369EPSS
Exploits1References1
OSV
OSV
added 2018/12/30 9:29 p.m.4 views

CVE-2018-20604

Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...

4.9CVSS5.8AI score0.01369EPSS
Exploits1References1
Prion
Prion
added 2018/12/30 9:29 p.m.16 views

Directory traversal

Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...

4CVSS5AI score0.01369EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/30 9:29 p.m.15 views

Path traversal

Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...

5CVSS7.5AI score0.01287EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder