Dream CMS LmxCMS has an arbitrary file deletion vulnerability
LmxCMS is developed in PHP with a MySQL database and adopts the mainstream MVC design model. Dream CMS LmxCMS has an arbitrary file deletion vulnerability that attackers can exploit to delete arbitrary files...
SQL Injection Vulnerability in QCMS Backend
The QCMS website management system is a lightweight PHP system built on an MVC architecture. There is a SQL injection vulnerability in the backend of QCMS, which can be exploited by attackers to obtain sensitive database information...
Command Execution Vulnerability in QCMS
The QCMS website management system is a lightweight PHP system built on an MVC architecture. QCMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...
PT-2018-13871 · Telerik · Telerik Extensions For Asp.Net Mvc
Name of the Vulnerable Software and Affected Versions: Telerik Extensions for ASP.NET MVC all versions Description: The issue allows a remote attacker to access files inside the server's web directory because it does not properly restrict access to these files. This product has been obsolete sinc...
File Inclusion Vulnerability in LankeCMS
LankeCMS (Lanke Enterprise Website System) is developed with PHP and MySQL in an MVC pattern, with a clear architecture and easy-to-maintain code. It supports pseudo-static pages, can generate Google and Baidu maps, and supports custom URLs, keywords and descriptions, in line with SEO standards. LankeCMS fi...
File Containment Vulnerability in iWebShop Open Source Mall System
iWebShop is an open source B2B2C web e-commerce site-building system (self-operated store plus resident merchants), developed in PHP with a MySQL database and designed around an MVC architecture in the style of the Yii framework. iWebShop open source mall syste...
XSS Vulnerability in HYBBS 1.5.34 CMS
HYBBS is based on the HYPHP framework, which has an MVC structure. An XSS vulnerability exists in HYBBS 1.5.34 CMS. An attacker can use this vulnerability to implant cross-site code, obtain sensitive information such as user cookies, close cross-site pop-up boxes, and also obtain page path...
[SECURITY] Fedora 23 Update: struts-1.3.10-18.fc23
Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...
Microsoft .NET Framework Model View Controller Remote Denial of Service Vulnerability
Microsoft .NET Framework is the new managed code programming model for Windows. A remote denial of service vulnerability exists in the Microsoft .NET Framework Model View Controller, which can be exploited by an attacker to cause a denial of service...
[SECURITY] Fedora 22 Update: struts-1.3.10-14.fc22
Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...
Important: Red Hat Security Advisory: ror40-rubygem-activerecord security update
Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Apache Struts ClassLoader Manipulation Vulnerability
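CVE ID: CVE-2014-0094. Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. The application allows access to the "class" parameter, which maps directly to the "getClass()" method; this can be exploited to manipulate the ClassLoader of the application server in use. Apache Struts 2.x. Vendor patch: Apache. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://struts.apache.org/release/2.3.x/docs/s2-020.html...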
Struts 2.3.14.2 Command Execution Vulnerability
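The Apache Struts framework is an open source web application framework project based on Java Servlets, JavaBeans and JavaServer Pages (JSP). Struts is based on the Model-View-Controller (MVC) design pattern and can be used to build complex web applications. In versions before Apache Struts 2.3.14.3 (exclusive), the fuzzy matching of Action names can be used to trigger a command execution attack. Struts 2.3.14.3...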