Online Reviewer System Code Issue Vulnerability
Online Reviewer System is a software application. A security vulnerability exists in Sourcecodester Online Reviewer System version 2.0, which allows an attacker to bypass the image upload filter and upload a maliciously crafted PHP file...
FeehiCMS Code Issue Vulnerability
FeehiCMS is a PHP-based CMS builder. FeehiCMS v2.0.8 and previous versions have a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted PHP file...
CVE-2021-37334
Umbraco Forms versions 4.0.0 up to and including 8.7.5 are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. The vulnerability occurs because validation of the file extension is performed after the file has been stored in a...
CVE-2021-25809
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache function in top.php...
CVE-2021-35523
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...
Design/Logic Flaw
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...
CVE-2020-25010
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...
"Shadankun Server Security Type" vulnerable to denial-of-service (DoS)
Overview: "Shadankun Server Security Type", provided by Cyber Security Cloud, Inc., contains a denial-of-service (DoS) vulnerability. When the "Rule id"s assigned by the product's internal script overlap, the product is unable to add newly detected attack source IP addresses as blocking targets CWE-70...
PHPGurukul Online Book Store Unauthenticated File Upload Vulnerability
PHPGurukul Online Book Store is a simple online web store made with PHP, MySQL and Bootstrap. An unauthenticated file upload vulnerability exists in adminadd.php in PHPGurukul Online Book Store 1.0. An unauthenticated remote attacker could use this vulnerability to upload content, including PHP...
Nginx Log Check - Nginx Log Security Analysis Script
Nginx Log Security Analysis Script. Features: statistics for the top 20 addresses; SQL injection analysis; scanner alert analysis; exploit detection; sensitive path access; file inclusion attacks; webshell detection; top 20 URLs by response length; rare script file access; script files returning a 302 redirect. Usa...
SQL injection vulnerability in ad***_to***.php file pi*** parameter in seacms backend
SeaCMS (Ocean film and television management system) is a video-on-demand system developed with PHP and MySQL. A SQL injection vulnerability exists in the pi parameter of the adto.php file in the SeaCMS backend; attackers can use the vulnerability to obtain sensitive information...
CVE-2019-13597
CVE-2019-13597 affects Tyto Software Sahi Pro 8.0.0. The vulnerability is in s/sprm/s/dyn/Player_setScriptFile, which allows remote command execution via the _execute() function. An attacker could run ".sah" scripts through the Sahi Launcher or create new scripts with an editor, enabling server...
CVE-2019-13597
s/sprm/s/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute function...
SQL injection vulnerability in ad***/sa***.php file of zzzcms V1.7.1 version
zzzcms is a site-building system developed in ASP. A SQL injection vulnerability exists in the ad/sa.php file of zzzcms V1.7.1; attackers can use the vulnerability to obtain sensitive information...
Command injection
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnable parameters are saved in the ShellPath script file without...
CVE-2019-11448
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...
S-CMS SQL Injection Vulnerability (CNVD-2018-26678)
S-CMS is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in S-CMS version 1.0, which can be exploited by remote attackers to execute SQL commands by sending the 'Pid' parameter to the js/pic.php file...
Microsoft SharePoint Enterprise Server Information Disclosure Vulnerability
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An...