2595 matches found
Remote Code Execution (RCE)
Symfony is vulnerable to remote code execution (RCE) attacks. Yaml::parse allows attackers to execute PHP code through a PHP file...
Hashtopussy Cross-Site Scripting Vulnerability
Hashtopussy is a cross-platform client-server tool for distributing hash table tasks between multiple computers, featuring portability, stability and multi-user support. A cross-site scripting vulnerability exists in Hashtopussy version 0.4.0. A remote attacker can exploit this vulnerability with...
Design/Logic Flaw
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
CVE-2017-11404
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
Stored Cross-Site Scripting Vulnerability in ASK2 user.php
The ASK2 Q&A system is a product of Beijing Zhengying Network Technology Company. It is an open-source PHP Q&A system that integrates a paid Q&A system and a paid voice Q&A system. ASK2 user.php has a stored cross-site scripting vulnerability, because the system fails to strictly filter th...
PHP file inclusion in the back end
Date: 2017-07-12. CVE ID: CVE-2017-10993. Description: A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server. Affected versions...
DEBIAN-CVE-2017-10970
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php...
Remote File Upload
kindeditor is vulnerable to remote file upload. The library does not check whether a user has the permission to upload files to the system, allowing a malicious user to upload an arbitrary file to the system through a POST request to the php/uploadjson.php file...
BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities
finecmsV5.0.8 \finecms\dayrui\controllers\member\Account.php getshell
Vulnerability in the file C:\phpStudy\WWW\finecms\dayrui\controllers\member\Account. in php upload function public function upload // Create the picture storage folder $dir = SYSUPLOADPATH.'/ member/'.$ this-uid.'/'; @drdirdelete$dir; ! isdir$dir && drmkdirs$dir; if $POST'tx' $file = strreplace' ...
DATA - Credential Phish Analysis and Automation
Credential Phish Analysis and Automation BUCKLEGRIPPER py Given a suspected phishing url or file of line separated urls, visit, screenshot, and scrape for interesting files. Requirements can be installed by running or reviewing installbucklegripperdeps.sh usage: bucklegripper.py -h -u URL -s SOUR...
CVE-2017-9080
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection...
MediaWiki SyntaxHighlight extension option injection vulnerability
This module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create & execute a PHP file in the document root. The USERNAME & PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki...
CVE-2017-8297
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component)...
Multiple SQL Injection Vulnerabilities in OIC Exponent CMS
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS 2.4.1 version of...
File upload vulnerability in semcms shqk_Admin/SEMCMS_Upfile.php file
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers. The PHP version of SemCms is written in PHP and runs with Apache on Windows or Linux. Semcms...
Pixie CMS 1.04 arbitrary file upload
An arbitrary file upload vulnerability exists in the Pixie CMS 1.04 back end. Vulnerability analysis: in the Publish File Manager module you can upload any file. Code: /admin/admin/modules/modfilemanager.php $multiupload-extensions = array '. png', '. jpg', '. gif', '. zip', '. mp3', '. pdf', '...
DzSoft PHP Editor 4.2.7 - File Enumeration
Credits: John Page AKA hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt. ISR: ApparitionSec. Vendor: www.dzsoft.com. Product:...