Lucene search
K

250 matches found

0day.today
0day.today
added 2021/12/06 12:0 a.m.353 views

Croogo 3.0.2 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == Tutorial $command"; ? ...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/14 12:0 a.m.485 views

TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...

7.4AI score
Exploits0
OSV
OSV
added 2021/09/09 12:15 p.m.29 views

CVE-2021-39459

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

7.2CVSS7.5AI score0.04894EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2021/06/14 12:0 a.m.201 views

TextPattern CMS 4.8.7 Remote Command Execution

Exploit Title : TextPattern CMS 4.8.7 - Remote Command Execution Authenticated Date : 2021/09/06 Exploit Author : Mert Daş [email protected] Software Link : https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web : https://textpattern.com/ Tested on: Server : Xampp First ...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/05/26 12:0 a.m.8 views

Unspecified Vulnerability in Nagios

Nagios is a set of open source and free network monitoring tools from the American company Nagios. A security vulnerability exists in Nagios Fusion version 4.1.8 and earlier, which can be exploited by an attacker to escalate privileges to Nagios by installing a malicious component containing PHP...

9.8CVSS7.1AI score0.03607EPSS
Exploits1References1
OSV
OSV
added 2021/01/20 1:15 a.m.10 views

CVE-2020-19364

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php...

8.8CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2021/01/20 12:44 a.m.48 views

CVE-2020-19364

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php...

8.8AI score0.70575EPSS
Exploits1References1
Prion
Prion
added 2020/11/13 4:15 p.m.21 views

Design/Logic Flaw

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server...

6.5CVSS8.7AI score0.09852EPSS
Exploits3References2Affected Software1
Veracode
Veracode
added 2020/07/30 8:32 a.m.18 views

Unrestricted File Upload

concrete5/concrete5 allows unrestricted file uploads. An attacker is able to upload a malicious PHP file with a file extension such as .phar, which would cause the server to execute PHP codes within the file under the context of the server...

7.2CVSS2.8AI score0.02936EPSS
Exploits1References4Affected Software1
Metasploit
Metasploit
added 2020/07/29 5:41 p.m.45 views

Baldr Botnet Panel Shell Upload Exploit

This module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel when uploading victim log files which are uploaded as ZIP files. Attackers can turn this vulnerability into an RCE by first registering a new bot to the panel and then uploading a ZIP file...

7.2AI score
Exploits0
NVD
NVD
added 2020/03/16 6:15 p.m.50 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

7.2CVSS7AI score0.30254EPSS
Exploits6References3
Cvelist
Cvelist
added 2020/03/16 5:22 p.m.52 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

7AI score0.30254EPSS
Exploits6References3
CVE
CVE
added 2020/03/16 5:22 p.m.86 views

CVE-2020-5844

Pandora FMS v7.0 NG (specifically v7.0NG.742_FIX_PERL2020) is affected by CVE-2020-5844. The vulnerability resides at index.php?sec=godmode/extensions&sec2=extensions/files_repo, where authenticated administrators can upload arbitrary PHP scripts and trigger execution by base64-decoding the file ...

7.2CVSS6.9AI score0.30254EPSS
Exploits6References3Affected Software1
Prion
Prion
added 2020/01/21 2:15 p.m.29 views

Path traversal

A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature, allowing bypass of .htaccess protection...

6.5CVSS9.2AI score0.83235EPSS
Exploits18References5Affected Software1
OSV
OSV
added 2019/11/18 4:15 p.m.2 views

CVE-2019-14467

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked...

7.8CVSS7.2AI score0.0176EPSS
Exploits3References4
Prion
Prion
added 2019/09/09 2:15 a.m.23 views

Code injection

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

7.5CVSS9.3AI score0.27581EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/09/09 1:2 a.m.33 views

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

9.5AI score0.27581EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/07/31 5:20 p.m.18 views

CVE-2019-3960

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file...

7.3AI score0.03019EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2019/07/26 7:13 p.m.261 views

Rare Steganography Hack Can Compromise Fully Patched Websites

An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...

7.4AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/06/05 5:29 p.m.43 views

CVE-2019-9642

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

9.8CVSS7.4AI score0.02433EPSS
Exploits0References3
Rows per page
Query Builder