EUVD-2018-0735
Malware in sbrugna...
EUVD-2022-4463
Malicious code in bioql PyPI...
Path Traversal in minsoft:ms-mcms
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...
Design/Logic Flaw
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...
CVE-2018-18830
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...
CVE-2018-18831
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...
CVE-2018-18831
The CVE-2018-18831 issue affects MCMS 4.6.5, specifically com\mingsoft\cms\action\GeneraterAction.java. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ directory traversal in the url parameter, enabling arbitrary file write. The connected advisories de...
CVE-2018-18830
MCMS 4.6.5 is affected by a flaw in com\mingsoft\basic\action\web\FileAction.java where the upload interface does not verify login status, allowing an attacker to upload JSP content disguised as a .png file and then coerce a suffix change to .jsp to access a stored path and execute arbitrary JSP ...
CVE-2018-18830
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...
Cross-site request forgery (CSRF)
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...
CVE-2018-17366
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...
CVE-2018-17366
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...