415 matches found
CVE-2020-19672
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...
Exploit for Use After Free in Microsoft
System-Vulnerability 实时更新较好用最新漏洞EXP,仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...
CVE-2015-4553
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell...
Exploit for CVE-2018-2894
Ladon Scanner for Python !Authorhttps://img.shields.io/bad...
CVE-2019-1010152
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...
CVE-2019-1010152
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...
CVE-2019-1010150
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...
Code injection
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...
CVE-2019-1010152
CVE-2019-1010152 affects ZZCMS (version 8.3 and earlier). The vulnerability is in user/manage.php (lines 31–80) and is described as a file-delete-to-code-execution issue, with the impact stated as getshell. Other connected records reinforce the same affected component and impact, without providin...
CVE-2019-1010152
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80...
CVE-2019-1010151
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...
CVE-2019-1010151
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...
Code injection
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...
CVE-2019-1010151
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...
CVE-2019-1010151
CVE-2019-1010151 affects zzcms zzmcms ≤ 8.3. The vulnerability is in the /user/ppsave.php component, described as “File Delete to getshell,” with the impact being getshell. NVD lists CVSS v3.0 base score 9.8 (CRITICAL) and CVSS v2.0 base score 7.5 (HIGH); attack vector is network, no authenticati...
Zhiyuan OA A8 Getshell vulnerability alerts-a vulnerability alert-the black bar safety net
Recently, 360CERT monitoring to Zhiyuan OA A8 system there is a remote Getshell vulnerabilities, has been in the field use. Zhiyuan OA A8 is a popular collaborative management software, in the medium and large business institutions widespread use. 0x01 vulnerability details Zhiyuan A8+ some versi...
File Upload Vulnerability in POSCMS
POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS v3.2.0 free version has a file upload vulnerability that can be exploited by an attacker to upload files with unlimited Getshell...
Code Execution Vulnerability in taoCMS
TAOCMS is the smallest fully functional CMS management system in China based on php+sqlite/mysql. A code execution vulnerability exists in taoCMS V2.5Beta5 and below, which can be exploited by an attacker to write and execute scripts and then getshell...
MetInfo 6.0.0存在任意文件写入漏洞getshell
...
seacms 后台getshell
作为只是审计过几次CTF线下赛的代码审计小菜鸟,暑假决定正式开始练习一些CMS的代码审计,于是便挑了SeaCMS这样一款cms进行审计,由于缺乏经验于是选择首先审计后台方面的漏洞,说实话在SeaCMS的后台部分的防护确实较少,发现了许多后台的SQL注入。。。。。后来参考SeaCMS之前的一些漏洞,终于找到了这样一个后台插入if标签从而getshell的后台getshell漏洞点。 首先演示一下整个getshell的流程: 登录面板,进入添加电影的界面,在此界面添加电影,设置图片url为if:1$GLOBALS'G'.'ET'a;//end if;...