2595 matches found

CNVD
added 2019/01/21 12:00 a.m., 2 views

Command execution vulnerability in FrogCMS La***.php file

FrogCMS is an enterprise site-building CMS based on a PHP+MySQL architecture that can run on various server platforms such as Linux and Windows. The FrogCMS La.php file has a command execution vulnerability that an attacker can exploit to gain site permissions and so on...

7.4 AI score
Exploits: 0
CNVD
added 2019/01/21 12:00 a.m., 2 views

Command execution vulnerability in FrogCMS Pa***.php file

FrogCMS is an enterprise site-building CMS based on a PHP+MySQL architecture that can run on various server platforms such as Linux and Windows. The FrogCMS Pa.php file has a command execution vulnerability that an attacker can exploit to gain site permissions and so on...

7.4 AI score
Exploits: 0
CNVD
added 2019/01/08 12:00 a.m., 1 view

SQL Injection Vulnerability in Zoneminder st***.php File

Zoneminder is an open source video surveillance system. A SQL injection vulnerability exists in the Zoneminder st.php file. An attacker can exploit the vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0
CNVD
added 2019/01/07 12:00 a.m., 2 views

YUNUCMS cross-site scripting vulnerability (CNVD-2019-00565)

YUNUCMS is an open source enterprise site-building content management system (CMS) from China's Yunyou (YUNU) Network Technology company. In YUNUCMS version 1.1.8, the app/admin/controller/System.php file has a cross-site scripting vulnerability; a remote attacker can write to the sys.php fi...

6.1 CVSS, 6.3 AI score, 0.00675 EPSS
Exploits: 1, References: 1
Packet Storm
added 2019/01/02 12:00 a.m., 42 views

Vtiger CRM 7.1.0 Remote Code Execution

Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Date: 2018-12-27 Exploit Author: Özkan Mustafa Akkuş (AkkuS) Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link: https://sourceforge.net/projects/vtigercrm/files/latest/download Version: v7.1.0 Category:...

0.4 AI score
Exploits: 0
OSV
added 2018/12/26 3:29 a.m., 5 views

CVE-2018-20480

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php Pid parameter...

9.8 CVSS, 5.8 AI score, 0.01135 EPSS
Exploits: 1, References: 1
OSV
added 2018/12/20 3:29 p.m., 13 views

CVE-2018-1000839

LH-EHR version REL-200 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appears to be exploitable via uploading a PHP file with an image MIME type...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 2
CNVD
added 2018/12/17 12:00 a.m., 4 views

i-doit open code execution vulnerability

i-doit open is an open source automated operations and maintenance system. It includes IT asset management, IP address management, IT infrastructure management, technical document management and other functions. A code execution vulnerability exists in i-doit open version 1.11.2,...

7.2 CVSS, 7.9 AI score, 0.09891 EPSS
Exploits: 1, References: 1
OSV
added 2018/12/15 5:29 a.m., 2 views

CVE-2018-20159

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...

7.2 CVSS, 5.9 AI score, 0.09891 EPSS
Exploits: 1, References: 2
CNVD
added 2018/12/11 12:00 a.m., 3 views

zzzcms v1.5.8 SQL Injection Vulnerability in Frontend in***.php File

zzcms is a free website builder developed in the ASP language. A SQL injection vulnerability exists in the frontend in.php file of zzzcms v1.5.8. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6 AI score
Exploits: 0
Packet Storm
added 2018/12/07 12:00 a.m., 35 views

i-doit CMDB 1.11.2 Remote Code Execution

Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Date: 2018-12-05 Exploit Author: Özkan Mustafa Akkuş (AkkuS) Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Version: v1.11.2 Category: Webapps Tested on: XAM...

7.4 AI score
Exploits: 0
OSV
added 2018/11/29 6:29 p.m., 3 views

CVE-2018-19692

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

9.8 CVSS, 6.1 AI score
Exploits: 0, References: 1
CNVD
added 2018/11/21 12:00 a.m., 0 views

SQL Injection Vulnerability in VANOC Enterprise Website Management System (PHP Version) cm***.php File

The Vanno enterprise website management system (PHP version) is an enterprise website management system developed with PHP+MySQL. A SQL injection vulnerability exists in the cm.php file of the VANOC enterprise website management system PHP version. An attacker can exploit the vulnerability to obtain...

7.8 AI score
Exploits: 0
CNVD
added 2018/11/13 12:00 a.m., 2 views

Command Execution Vulnerability in In***.php File of CloudYou CMS Enterprise Website Management System

The YUNUCMS enterprise website management system is a professional, marketing-oriented enterprise site-building system developed with PHP + MySQL at its core. A command execution vulnerability exists in the In.php file of the YUNUCMS enterprise website management system. An attacker can exploit...

7.5 AI score
Exploits: 0
Prion
added 2018/11/01 1:29 a.m., 11 views

Code injection

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...

7.5 CVSS, 9.5 AI score, 0.01295 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2018/10/31 4:29 p.m., 3 views

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

9.8 CVSS, 6.1 AI score
Exploits: 0, References: 1
Cvelist
added 2018/10/16 7:00 a.m., 11 views

CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...

9 AI score, 0.02695 EPSS
Exploits: 1, References: 1
CNVD
added 2018/10/09 12:00 a.m., 1 view

SQL Injection Vulnerability in Five Fingers CMS v4.1.0

Five Fingers CMS is a high-performance open source content management system that supports the LNAMP architecture. A SQL injection vulnerability exists in Five Fingers CMS v4.1.0; it stems from the failure to filter the groupname parameter in the ca.php file, an attacker can use the...

7.7 AI score
Exploits: 0
0day.today
added 2018/10/05 12:00 a.m., 70 views

D-Link Central WiFiManager Software Controller Code Execution / XSS Exploit

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected. D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager...

0.3 AI score, 0.3689 EPSS
Exploits: 8
Core Security
added 2018/10/04 12:00 a.m., 557 views

D-Link Central WiFiManager Software Controller Multiple Vulnerabilities

1. Advisory Information Title: D-Link Central WiFiManager Software Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0010 Advisory URL: http://www.coresecurity.com/core-labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities Date published: 2018-10-04 Date...

9.8 CVSS, 9 AI score, 0.3689 EPSS
Exploits: 8