82 matches found
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-28093
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-24136
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it...
CVE-2022-0343
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
Google perfetto security vulnerability
Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge (ADB). Google perfetto suffers from a security vulnerability that originates when a user (usually a developer) manually invokes the ./tools/run-dev-server script can send...
CVE-2022-25495
The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...
PT-2022-12094 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The rtmp=start...
CVE-2021-24375
Lack of authentication or validation in motorloadmore, motorgalleryloadmore, motorquickview and motorprojectquickview AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php script...
vFairs code issue vulnerability
vFairs is a virtual event platform by vFairs Singapore. It can host exciting online conferences, trade shows, job fairs and more. A security vulnerability exists in vFairs 3.3, which stems from the fact that any user logged into a vFairs virtual meeting or event can abuse the functionality by...
SQL injection vulnerability in the ab***.php page bi*** parameter of the website building system of Hefei Yilang Network Technology Co.
Hefei Yilang Network Technology Co., Ltd. is a company specializing in Internet technology services, development and application. The website building system of Hefei Yilang Network Technology Co., Ltd. has an SQL injection vulnerability in the bi parameter of the ab.php page; an attacker can use the...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2019-12939
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the pextrse parameter...
DEBIAN-CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name...
CVE-2017-15632
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpserver.lua file...
Microsoft Word - .RTF Remote Code Execution Exploit
Exploit for windows platform in category remote exploits ''' Exploit Title: Exploit CVE-2017-0199 Word RTF RCE vulnerability to gain meterpreter shell Date: 17/04/2017 Exploit Author: Bhadresh Patel Version: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsof...
CVE-2016-2942
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine...
AlegroCart 1.2.7 Command Execution
Exploit Title: AlegroCart = 1.2.7 spellchecker.php Remote Command Execution Vulnerability Author: T0x!c Date: 22/02/2012 Facebook Page: www.facebook.com/DzTem E-mail: [email protected] Category:: webapps Google Dork: intext:" Powered by AlegroCart Your Store Name © 2012" Vendor:...
The pictures verify the vulnerability of the social worker use-vulnerability warning-the black bar safety net
Text/meal HTTP request: GET /iai.php HTTP/1.1 indicates the request method (GET), the request address, and the HTTP protocol version. Accept: */* indicates the list of content types that the client can identify; */* represents all types. Accept-Language: zh-cn indicates that the client can understand...
WalRack upload file handling vulnerability
Overview WalRack Walrus File Rack CGI contains a vulnerability in handling upload files. WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is...
Fedora 11 : mysql-5.1.47-1.fc11 (2010-9061)
Update to MySQL 5.1.47, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html, including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850. In F13, also create mysql group explicitly in pre-server script, to ensure correct GID. Note that Tenable Network Security...