16 matches found
OWASP CRS Arbitrary File Upload
A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...
Remote Code Execution
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
CVE-2021-46386
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...
Unrestricted file upload
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...
CVE-2021-46386
Mingsoft MCMS
CVE-2021-46386
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...
Jspx cms has a command execution vulnerability
Jspx cms is flexible , easy to expand , open source java web content management system . Jspx cms has a command execution vulnerability that can be exploited by an attacker to gain server privileges...
Code injection
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...
Code injection
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...
金蝶某系统存在任意文件上传漏洞可威胁内网
简要描述: 上传绕过,可内网才是关键 详细说明: WooYun: 某大型在线考试系统通用型任意文件上传(涉及银行、证卷等企业) 问题发生后,是有进行相应的修补,但修补的有问题,限制了对jsp马的上传,但jspx毫无限制 上传jsp直接报错 但是jspx就 http://exam.kingdee.com/mana/edit/attachupload.jsp 可直接上传jspx马 上传成功后直接查看源代码获取shell地址 漏洞证明:...
JEECMS通用支付漏洞+xss
简要描述: 1111 详细说明: 添加到购物车,然后支付,抓包改包,改了好久都是正数,无奈。。只好换思路,如果让他负数的话就爽咯。。哈哈 影响大量商场网站,而且程序是jspx的,有钱人啊。。商场网站如果能盲打后台的话我就不多说什么了吧。。看下影响先: 看了这个我真的没有笑。。。 首先添加两个大商品的时候,我们添加两个,然后 我们可以看到是23192 二万三千一百九十二块钱是吧。。那么我们继续 一路通杀-。- img src="https://images.seebug.org/up...
JEECMS一处通用越权第三弹
简要描述: 1 详细说明: 影响大量商场网站,而且程序是jspx的,有钱人啊。。商场网站如果能盲打后台的话我就不多说什么了吧。。看下影响先: http://wooyun.org/bugs/wooyun-2015-096948 首先ID1去选个商品,ID2也去选一个。 看图就明白啦。 ID263 漏洞证明: 影响大量商场网站,而且程序是jspx的,有钱人啊。。商场网站如果能盲打后台的话我就不多说什么了吧。。看下影响先: http://woo...
JEECMS储存xss盲打后台#4(4处打包+demo演示)
简要描述: 小号666 详细说明: WooYun: JEECMS储存xss盲打后台1(demo演示) WooYun: JEECMS储存xss盲打后台2(打一送一+demo演示) WooYun: JEECMS储存xss盲打后台3(打一送二+demo演示) 继续来有打一送一,有打一送二,这次该打一送三了吧 稳定压倒一切! Jeecms是基于java技术研发的站群管理系统,稳定、安全、高效、跨平台、无限扩展是jeecms 的优点,系统支持mysql、oracle、sqlserver、db2等主流数据库。 轻松建设大规模网站群,从jeecms开始 官网:http://www.jeecms.com...
tomcat: information disclosure via XXE when running untrusted web applications
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...
tomcat: information disclosure via XXE when running untrusted web applications
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...
PT-2005-5499 · Apache · Jakarta Tomcat +1
Name of the Vulnerable Software and Affected Versions: Jakarta Tomcat versions 5.5.6 and earlier Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat. These vulnerabilities allow remote attackers to inject arbitrary w...