
139 matches found

OSV
added 2019/05/02 2:29 p.m., 2 views

CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection...

CVSS 9.8 | AI score 7.3 | EPSS 0.02347
Exploits: 0 | References: 1

Hacker One
added 2019/04/08 5:29 a.m., 59 views

Snapchat: Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata

Hey there, I was looking at your ads site with @daeken, we found some weird behavior in the import function of the creative app. Here are the steps: POC - Login to https://business.snapchat.com/ - Go to creative library - New Creative - Under "Topsnap Media", click on "Create" - Click on any of t...

AI score 6.8
Exploits: 0

CNVD
added 2018/12/17 12:0 a.m., 4 views

OpenRefine XML External Entity Injection Vulnerability

OpenRefine is a standalone open source desktop application for data cleaning and converting data to other formats. An XML External Entity Injection (XXE) vulnerability exists in the data import function in OpenRefine versions 3.1 and earlier. The vulnerability can be exploited to read arbitrary fil...

CVSS 7.5 | AI score 7 | EPSS 0.00413
Exploits: 1 | References: 1

OSV
added 2018/11/21 12:29 a.m., 1 views

CVE-2018-19404

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...

CVSS 7.2 | AI score 6 | EPSS 0.00744
Exploits: 1 | References: 1

CNVD
added 2018/06/20 12:0 a.m., 1 views

PHPOK Arbitrary File Upload Vulnerability

PHPOK is an enterprise building system that supports expansion. An arbitrary file upload vulnerability exists in the 'importf' function in the framework/admin/moduleccontrol.php file in PHPOK version 4.9.032. An attacker can exploit this vulnerability to upload arbitrary zip files...

CVSS 9.8 | AI score 9.6 | EPSS 0.00411
Exploits: 1 | References: 1

Prion
added 2018/06/15 6:29 p.m., 21 views

Privilege escalation

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the importf function in framework/admin/moduleccontrol.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944...

CVSS 7.5 | AI score 9.5 | EPSS 0.00411
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2018/01/08 12:0 a.m., 1 views

Denial of Service Vulnerability in INVT Studio

INVT Studio is a serial and Ethernet based inverter monitoring system. A denial of service vulnerability exists in INVT Studio version 1.20 due to a failure to follow the specification for code behavior at the INVT Studio import function. An attacker can exploit this vulnerability to cause a deni...

CVSS 5.5 | AI score 7 | EPSS 0.00137
Exploits: 0

CNVD
added 2017/05/23 12:0 a.m., 2 views

PlaySMS Remote Code Execution Vulnerability (CNVD-2017-08174)

PlaySMS is a web-based SMS platform. The platform supports connectivity to SMS gateways, personal messaging systems, and corporate group communication tools. A remote code execution vulnerability exists in the import.php file (a.k.a. phonebook import function) in PlaySMS version 1.4. A remote...

CVSS 9.8 | AI score 9.7 | EPSS 0.79988
Exploits: 3 | References: 1

CNVD
added 2017/05/22 12:0 a.m., 3 views

PlaySMS Remote Code Execution Vulnerability (CNVD-2017-10344)

PlaySMS is an open source web SMS platform. A remote code execution vulnerability exists in PlaySMS. The vulnerability stems from the address book calling a function in import.php. An attacker can exploit the vulnerability to execute malicious code...

AI score 8.3
Exploits: 0 | References: 1

exploitpack
added 2017/05/21 12:0 a.m., 11 views

PlaySMS 1.4 - import.php Remote Code Execution

PlaySMS 1.4 - import.php Remote Code Execution Exploit Title: PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php Date: 21-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22...

AI score 8.1
Exploits: 0

myhack58
added 2016/10/17 12:0 a.m., 38 views

From patch comparison to PoC reproduction: MS16-030 - vulnerability warning - the black bar safety net

MS16-030 vulnerability: MS16-030 is a Windows OLE remote code execution vulnerability. Because OLE does not correctly validate user input, a specially constructed file or program can trigger the vulnerability, causing the user to click on after the remo...

AI score 7.8
Exploits: 0

OSV
added 2016/05/31 1:59 a.m., 0 views

CVE-2016-0879

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 1

seebug.org
added 2014/09/29 12:0 a.m., 17 views

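CuuMall latest version arbitrary file inclusion

Brief description: The CuuMall free online store system is built on an enterprise-grade MVC architecture. It is secure and stable, can support roughly 10,000 concurrent online users, suits companies in different fields, uses file caching and database caching mechanisms to keep the system running stably, and offers a range of features to meet different customers' needs for opening an online shop. Detailed description: //run the application static public function exec // whether tag extensions are enabled $tagOn = C'APPPLUGINON'; // project run tag if$tagOn tag'apprun'; //create the Action controller instance $group = defined'GROUPNAME' ? GROUPNAME.C'APPGROUPDEP...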

AI score 7.1
Exploits: 0

Packet Storm
added 2014/07/24 12:0 a.m., 33 views

Windows Mail Rogue Program.exe Execution

Hi @ll, the import function of Windows Mail executes a rogue program C:\Program.exe with the credentials of another account, resulting in a privilege escalation! 1. Fetch and save it as C:\Program.exe 2. Start Windows Mail part of Windows Vista and Windows Server 2008 3. On the File menu, click...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2014/07/10 12:0 a.m., 35 views

Debian DSA-2975-1 : phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...

CVSS 6.5 | AI score 7.3 | EPSS 0.00374
Exploits: 1 | References: 12

OpenVAS
added 2014/07/08 12:0 a.m., 36 views

Debian: Security Advisory (DSA-2975-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.3 | EPSS 0.00374
Exploits: 1 | References: 3

OSV
added 2014/02/04 9:55 p.m., 0 views

UBUNTU-CVE-2012-2106

Integer overflow in the pvimport function in util/pvimport.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow...

CVSS 9.3 | AI score 6.5 | EPSS 0.04789
Exploits: 0 | References: 3

Prion
added 2013/01/24 1:55 a.m., 18 views

Design/Logic Flaw

The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet...

CVSS 5.8 | AI score 6.8 | EPSS 0.02306
Exploits: 1 | References: 11 | Affected Software: 1

myhack58
added 2012/06/20 12:0 a.m., 25 views

DOYOcms local file inclusion vulnerability-vulnerability warning-the black bar safety net

It is this set of CMS, this is very simple to. ! DOYOcms local file inclusion vulnerability Here's the$handlecontroller = syClass$controller, null, $GLOBALS'GDY'"controllerpath".'/'.$ controller.". php"; Next look down ! DOYOcms local file inclusion vulnerability ! DOYOcms local file inclusion...

AI score 1
Exploits: 0