CVE-2025-41347

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...

Actively exploited vulnerability fixed in SolarWinds Orion

SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...

段富超(dfc)v1.0音乐娱乐网addgbook.asp远程写入webshell漏洞

段富超dfcv1.0音乐娱乐网是集flash动画，文章系统，网络视频，留言本、在线点歌、情感测试等功能于一体（视频栏目可以直接调用优酷土豆等视频网站视频），非常适用于flash动画作者爱好者，以及视频短片作者爱好者的个人网站。 留言处没严格过滤可直接向数据库插马 dfc1.0/addgbook.asp 在留言“你的主页”写入一句话代码，%executerequest"cmd"%，留言信息会写进date/dfc.asp 连接即可获得shell http://127.0.0.1/dfc1.0/date/dfc.asp dfc v1.0 暂无 建议用户进行严格过滤...