8 matches found
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-26444)
FineCms is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the controllers/member/api.php file in FineCms version 5.0.11. A remote attacker can exploit this vulnerability to inject arbitrary Web script or...
TYPO3 CMS news management module SQL injection vulnerability analysis with exp-a vulnerability warning-the black bar safety net
Foreword By POST, to send orderByAllowed and orderBy, we will be able to control part of the SQL statement and get the injection vulnerabilities. The body The news module is TYPO3(Typo3 content management system the most commonly used one of the modules, and now will be subject toSQL...
HelpDEZK 1.1.1 CSRF / Code Execution
Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1...
Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The Jakarta...
Apache Struts Dynamic Method Invocation command execution
Added: 05/06/2016 CVE: CVE-2016-3081 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. The Dynamic Method Invocation...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net
by emptiness prodigal heart velocity is a J2EE MVC architecture the most commonly used presentation layer template file, due to the excellent performance, very much of the J2EE Application, use this template. Usually when in use, and other framework-binding, the most common framework is struts2,...
Apache Struts Classes Directory Traversal (CVE-2008-6505)
Apache Struts is a Java-based web application development framework. Unlike JSP and Servelets, Struts encourage good application design by enforcing MVC Model-View-Controller architecture for separation of concerns like business logic Model from web-page design View and navigational code...