14 matches found
tianti Cross-Site Request Forgery Vulnerability
tianti is a lightweight Java CMS solution by the individual developer jeffry. A security vulnerability exists in tianti v2.3. An attacker can perform arbitrary operations via specially crafted GET or POST requests...
File upload vulnerability in jpress by Guizhou Small Code Technology Limited Company
jpress is a complete Java CMS web management system. jpress has a file upload vulnerability, which attackers can exploit to obtain sensitive information such as user cookies by uploading files...
PublicCMS Code Issue Vulnerability
PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A code issue vulnerability exists in PublicCMS version v4.0.202302.e, which stems from vulnerability to server-side request forgery attacks...
GHSA-CWX9-RP4W-4545 Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
Arbitrary File Read Vulnerability in PublicCMS
Public CMS is an open-source Java CMS product developed with mainstream 2020 technology. It is a content management system that supports full-site static generation, SSI, partially static dynamic pages, multi-site operation, automatic installation and other features. PublicCMS has an arbitrary file read...
SQL Injection Vulnerability in tjpcms
tjpcms is a lightweight Java-based CMS solution. tjpcms suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Ladder CMS Privilege Limit Bypass Vulnerability (CNVD-2019-09102)
Tianti is a free, lightweight CMS written in Java that currently provides a complete solution from back-end management to front-end display. A privilege restriction bypass vulnerability exists in Tianti 2.3, which can be exploited by a remote authenticated user to bypass the...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 - Multiple Vulnerabilities Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Hippo CMS 10.1 Stored Cross Site Scripting
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability
Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description: XXE (XML External Entity) processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...
RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0264 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a...
FreeCms command execution (OGNL execution sequence bypass vulnerability, reference EXP) - vulnerability warning - the black bar safety net
Open source free Java CMS - FreeCMS 1.3 - Data Objects - mail. Project address: https://code.google.com/p/freecms/ The previously announced EXP is no good when used with a tool, but you can use a tool I released earlier to execute commands and write a shell. For the vulnerability description see EXP3 using t...