853 matches found

Prion
added 2018/04/10 6:29 p.m., 20 views

Remote code execution

Monstra CMS 3.0.4 allows remote code execution via an uploadfile request for a .zip file, which is automatically extracted and may contain .php files...

CVSS 6.5, AI score 9, EPSS 0.02919
Exploits 5, References 2, Affected Software 1
NVD
added 2018/04/10 6:29 p.m., 28 views

CVE-2018-9037

Monstra CMS 3.0.4 allows remote code execution via an uploadfile request for a .zip file, which is automatically extracted and may contain .php files...

CVSS 8.8, AI score 9.1, EPSS 0.02919
Exploits 5, References 2
Cvelist
added 2018/04/10 6:00 p.m., 32 views

CVE-2018-9037

Monstra CMS 3.0.4 allows remote code execution via an uploadfile request for a .zip file, which is automatically extracted and may contain .php files...

AI score 9.1, EPSS 0.02919
Exploits 5, References 2
Cvelist
added 2017/12/24 12:00 a.m., 18 views

CVE-2017-17874

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI...

AI score 8.8, EPSS 0.06031
Exploits 1, References 1
CNVD
added 2017/11/22 12:00 a.m., 4 views

dayrui FineCms v5/config/system.php File Upload Vulnerability

dayrui FineCms is a content management system released by the China Tianrui dayrui program design team, built on an MVC architecture and a PDO database interface. An upload vulnerability exists in the v5/config/system.php file in dayrui FineCms version 5.2.0, which is caused by the program...

CVSS 9.8, AI score 7.2, EPSS 0.02141
Exploits 0, References 1
OSV
added 2017/11/21 1:29 p.m., 3 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

CVSS 9.8, AI score 5.9
Exploits 0, References 2
NVD
added 2017/11/21 1:29 p.m., 14 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

CVSS 9.8, AI score 9.5, EPSS 0.02141
Exploits 0, References 2
Hacker One
added 2017/09/28 3:11 a.m., 37 views

Slack: Unauthenticated LFI revealing log information

@juji found a bug which allowed the disclosure of local files on certain servers - this included PHP files and logs. We performed a thorough investigation to ensure that this issue was not exploited, and as a precaution revoked tokens which were inadvertently logged. Thanks @juji! Write-up...

AI score 6.6
Exploits 0
Prion
added 2017/07/21 6:29 a.m., 6 views

Directory traversal

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal...

CVSS 6.5, AI score 8.7, EPSS 0.01962
Exploits 0, References 1, Affected Software 1
OSV
added 2017/07/21 6:29 a.m., 19 views

CVE-2017-10993

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal...

CVSS 8.8, AI score 7.7
Exploits 0, References 1
Friends Of PHP
added 2017/07/12 9:09 a.m., 33 views

A logged in back end user can include arbitrary existing PHP files by manipulating a URL parameter

More info at https://contao.org/en/news/contao-441.html...

CVSS 8.8, AI score 7.2, EPSS 0.01962
Exploits 0, Affected Software 1
Cvelist
added 2017/06/05 7:00 p.m., 19 views

CVE-2017-9441

Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title, (2) version, or (3) authorname parameter in manifest.json. This issue exists ...

AI score 5.3, EPSS 0.00602
Exploits 0, References 1
exploitpack
added 2017/03/18 12:00 a.m., 16 views

Omegle Clone - SQL Injection

Omegle Clone - SQL Injection Exploit Title: Omegle Clone - SQL Injection Google Dork: N/A Date: 18.03.2017 Vendor Homepage: http://turnkeycentral.com/ Software: http://www.turnkeycentral.com/scripts/omegle-clone/ Demo: http://demo.turnkeycentral.com/omegleclone/ Version: N/A Tested on: Win7 x64,...

AI score 0.1
Exploits 0
Packet Storm
added 2017/03/03 12:00 a.m., 45 views

WordPress File Manager 3.0.1 Cross Site Request Forgery

------------------------------------------------------------------------ Cross-Site Request Forgery in File Manager WordPress plugin ------------------------------------------------------------------------ David Vaartjes, July 2016...

AI score 0.3
Exploits 0
OSV
added 2017/01/17 9:59 a.m., 11 views

CVE-2017-5520

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions...

CVSS 8.8, AI score 7
Exploits 0, References 2
Cvelist
added 2016/12/05 5:00 p.m., 30 views

CVE-2016-9836

The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...

AI score 9.6, EPSS 0.01883
Exploits 2, References 2
seebug.org
added 2016/09/02 12:00 a.m., 253 views

HelpDeskZ 1.0.2 unauthorized Shell upload

No description provided by source. ''' Exploit Title: HelpDeskZ /submitticketcontroller.php - Line 141 $filename = md5($_FILES['attachment']['name'].time()).".".$ext; So by guessing the time the file was uploaded, we can get RCE. Steps to reproduce:...

AI score 7.1
Exploits 0
exploitpack
added 2016/08/29 12:00 a.m., 70 views

HelpDeskZ 1.0.2 - Arbitrary File Upload

HelpDeskZ 1.0.2 - Arbitrary File Upload ''' Updated Exploit Provided by Drew Griess Exploit Title HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload Google Dork intext:Help Desk Software by HelpDeskZ Date 2016-08-26 Exploit Author Lars Morgenroth - @krankoPwnz Vendor Homepage http://www.helpdeskz.com...

AI score 7.4
Exploits 0
exploitpack
added 2016/08/16 12:00 a.m., 24 views

Lepton CMS 2.2.02.2.1 - Directory Traversal

Lepton CMS 2.2.02.2.1 - Directory Traversal + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...

AI score 7.4
Exploits 0