Lucene search
K

156 matches found

OSV
OSV
added 2020/03/02 4:15 p.m.4 views

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

7.2CVSS7.3AI score0.0354EPSS
Exploits1References2
CNVD
CNVD
added 2019/11/09 12:0 a.m.2 views

File upload vulnerability in myucms fo***.php page

MyuCMS open source content management system developed using ThinkPHP community mall. myucms fo.php page file upload vulnerability , an attacker can exploit the vulnerability to upload any file...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/11 12:0 a.m.173 views

WordPress Insert or Embed Articulate Content Plugin - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Exploit Author:...

7.1AI score
Exploits0
OSV
OSV
added 2019/02/23 6:29 p.m.4 views

CVE-2019-9042

An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The...

7.2CVSS7.1AI score0.02031EPSS
Exploits1References1
NVD
NVD
added 2019/02/11 4:29 a.m.26 views

CVE-2019-7721

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...

7.5CVSS7.6AI score0.01184EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2018/12/04 12:0 a.m.57 views

Fleetco Fleet Maintenance Management 1.2 Remote Code Execution

Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link: http://www.fleetco.space/download/215/ Version: v1.2 Category: Webap...

0.1AI score
Exploits0
OSV
OSV
added 2018/11/26 7:29 a.m.3 views

CVE-2018-19550

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI...

8.8CVSS5.8AI score0.05993EPSS
Exploits4References2
OSV
OSV
added 2018/08/03 7:29 p.m.3 views

CVE-2018-14911

A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...

7.2CVSS5.8AI score0.01102EPSS
Exploits1References1
OSV
OSV
added 2018/07/23 8:29 p.m.1 views

CVE-2018-14570

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type e.g., image/jpeg with a modified filename and file...

8.8CVSS6.3AI score0.01765EPSS
Exploits1References1
0day.today
0day.today
added 2018/03/20 12:0 a.m.76 views

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link:...

7.2CVSS0.02127EPSS
Exploits11
exploitpack
exploitpack
added 2018/03/20 12:0 a.m.49 views

Vehicle Sales Management System - Multiple Vulnerabilities

Vehicle Sales Management System - Multiple Vulnerabilities Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link:...

7.5CVSS0.4AI score0.02127EPSS
Exploits4
OSV
OSV
added 2017/07/30 6:29 p.m.2 views

CVE-2017-11756

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

7CVSS6AI score0.00708EPSS
Exploits0References1
OSV
OSV
added 2017/07/18 12:29 a.m.4 views

CVE-2017-11405

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

4.9CVSS5.8AI score0.00849EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2016/10/16 12:0 a.m.33 views

Advanced Upload (PHP) Script 1.0.2 SQL Injection

Advanced Upload PHP Script Version 1.0.2 MySQL Injection Vulnerabilities ============================================================================ Discovered by NA, NAattutanota.com ======================================= Description ============ An advanced php uploading script with MANY...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2015/11/16 12:0 a.m.44 views

Open Source Social Network 3.5 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Open Source Social Network 3.5 Product: Fixed in: 3.6 Fixed Version https://www.opensource-socialnetwork.org/downloads/ Link: ossn-v3.6-1443545762.zip Vendor Contact: https://www.opensource-socialnetwork.org/contact Vulnerability...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2015/11/09 12:0 a.m.10 views

WordPress Ajax Load More Plugin 2.8.1.1 - PHP Upload

Ajax Load More plugin is prone to a PHP upload vulnerability that allows to get remote code execution. Solution Upgrade the plugin...

3.7AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2015/11/09 12:0 a.m.25 views

WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Ajax Load More PHP Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPres...

7.4AI score
Exploits0
Saint
Saint
added 2015/06/09 12:0 a.m.30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

8.4AI score
Exploits0
myhack58
myhack58
added 2014/11/12 12:0 a.m.66 views

Use the phpinfo information LFI temporary file[POC]-vulnerability warning-the black bar safety net

Remember before foreign cattle raised by LFI contain temporary files? Did feel a little tasteless, because the temporary file path and name is unknown, although the temporary file name can use a similar? Other wildcards let's call it a wildcard match, while the N individual together with requests...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

ZEEJOBSITE 2.0 - Remote File Upload Vulnerability

No description provided by source. ZEEJOBSITE v2.0 remote file Upload author: ZoRLu msn: [email protected] home: www.z0rlu.blogspot.com dork: [email protected] date: 08/11/2008 aha simdi gönderiyorum saat 10:40 : first register to site you add this code your shell to head GIF89a;...

7.1AI score
Exploits0
Rows per page
Query Builder