7207 matches found
Notes Manager 1.0 - Arbitrary File Upload
Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link: https://astuteinternet.dl.sourceforge.net/project/notes-manager/notesmanagement.zip Version: 1.0...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
CVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...
CVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...
Privilege escalation
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...
Design/Logic Flaw
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
Code Execution Vulnerability in X6CMS_V2.2
X6CMS, the full name of Xiaoliu Website Content Management System. X6CMS is a marketing website management platform with PHP+MYSQL architecture. A code execution vulnerability exists in X6CMSV2.2. An attacker can write any php code to gain server privileges...
CVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...
Webiness Inventory 2.9 Shell Upload Exploit
Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName =...
CVE-2018-18461
The Arigato Autoresponder and Newsletter aka bft-autoresponder v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments data to models/attachment.php...
Code injection
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
CVE-2018-18258
CVE-2018-18258 affects BageCMS 3.1.3. The vulnerability allows an attacker to execute arbitrary PHP code on the web server and read any file via the URI index.php?r=admini/template/updateTpl&filename=, indicating a server-side code execution and information disclosure risk. The NVD entry assigns ...
CVE-2018-18083
CVE-2018-18083 affects DuomiCMS 3.0. Affected component: search.php, where the parameter searchword is processed and unsafely uses eval during if processing, enabling remote PHP code execution. This yields high/severe impact (NVD CVSS3: 9.8, CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploit...
CVE-2018-17442
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...
CVE-2018-17442
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...
Unrestricted file upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...
CVE-2018-17442
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...