8 matches found
PT-2026-33506
Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 2.0.0 Description File upload endpoints render user-supplied filenames directly into HTML using unsafe methods such as innerHTML without sanitization. This allows an attacker to craft a file with a malicious...
openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload...
金蝶某系统存在任意文件上传漏洞可威胁内网
简要描述: 上传绕过,可内网才是关键 详细说明: WooYun: 某大型在线考试系统通用型任意文件上传(涉及银行、证卷等企业) 问题发生后,是有进行相应的修补,但修补的有问题,限制了对jsp马的上传,但jspx毫无限制 上传jsp直接报错 但是jspx就 http://exam.kingdee.com/mana/edit/attachupload.jsp 可直接上传jspx马 上传成功后直接查看源代码获取shell地址 漏洞证明:...
Bitweaver 2.x (FCKeditor) Multiple Arbitrary Shell Upload
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
WysGui <= 2.3 (FCKeditor) Multiple Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Ariadne <= 2.7.4 Multiple Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
deV!L`z Clanportal (DZCP 1.5.5.2) Multiple Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
MTCMS multiple upload vulnerabilities
avatar upload vulnerability: upload any kind of file in: site.com/MTCMS-V2.2/?a=gallery&b=adddown and approuved or not it will be here : /uploads/pictures/ same thing for : add link /index.php?a=links&b=addlink xss permanent on Contact Us : message & title fields are vulnerable to an xss attack...