113 matches found
SQL Injection Vulnerability in deituiCMS fu***.php File
deituiCMS is a PHP-based open source content management system. A SQL injection vulnerability exists in the deituiCMS fu.php file, which can be exploited by attackers to obtain sensitive database information...
Code execution vulnerability in the front end of zzzcms V1.5.7 PHP official version
zzcms is a free and open source site-building system aimed mainly at webmasters. A code execution vulnerability exists in the front end of zzzcms V1.5.7 PHP official version; attackers can exploit the vulnerability to execute arbitrary code...
Code execution vulnerability in niubicms
niubicms is a PHP open source system providing novel-website and news-website source code, independently developed by Nanjing Niukun Network Technology Co., Ltd. A code execution vulnerability exists in niubicms. Attackers can exploit the vulnerability to upload...
SQL Injection Vulnerability in NiuShop B2C Single Merchant Mall System
NiuShop B2C single merchant mall system is a PHP open source e-commerce system designed and developed completely independently by Shanxi NiuKu Information Technology Co. A SQL injection vulnerability exists in the NiuShop B2C single merchant mall system; attackers can exploit the vulnerability to obtain sensitive...
Multiple cross-site scripting and CSRF vulnerabilities in Xinhou Tong Office System V1.6.3
Xinhuo coworking system is an open source, cross-platform office system that supports an app, a PC web version, a PC client and so on. Multiple cross-site scripting and CSRF vulnerabilities exist in Xinhao Co-working System V1.6.3; attackers can exploit the vulnerabilities to steal cooki...
Moderate: Red Hat Security Advisory: satellite and spacewalk security and bug fix update
An update for satellite-schema, spacewalk-backend, spacewalk-java, and spacewalk-schema is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base...
Unauthorized operation vulnerability in 74cms frontend
74cms (Knight CMS) is a PHP-based open source professional talent system. 74cms has an unauthorized access vulnerability. Attackers can exploit the vulnerability to modify database information...
SQL Injection Vulnerability in Multiple Parameters of DuoDuoRebate.com System V8.3_UTF8
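DuoDuo rebate system is an open source PHP rebate website system that provides solutions for e-commerce rebates and shopping guides. A SQL injection vulnerability exists in the DuoDuo rebate website system V8.3UTF8 official version of February 10, 2017. Due to the lack of filtering of the tag parameter, offerimg paramete...
Apache Syncope Crafted Commons JEXL Expression Remote Code Execution Vulnerability
CVE ID: CVE-2014-0111 Apache Syncope is an open source system for digital identity management in enterprise environments, implemented in JEE technology and released under the Apache 2.0 license. Apache Syncope has a security vulnerability in its handling of crafted Apache Commons JEXL expressions, which allows authenticated remote attackers to execute arbitrary code via the JEE container running Apache Syncope core. 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...
Generic unauthorized access vulnerability in Dahan jbook, jget, jvideo, source, jphoto and lm
Brief description: jbook = subscription system (apparently), source = data source collection system, jget = information collection system, jvideo = video system, jphoto = photo system, lm = interaction system. That is roughly it. Detailed description: A file of the same name, whose code differs only slightly from system to system, produces the same unauthorized access vulnerability in each of them, making it possible to reset the installation-directory configuration information of these systems. Proof of vulnerability: None. Take jphoto as the example first. http://www.yzwh.gov.cn/jphoto/setup/ This is jphoto's setup directory; first submit the data with the exp: After a successful submission, it reports that the configuration file has been modified and that the service should be restarted. The exp sets the password to 123456...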
Nagasaki Electronic Prefectural Office System authentication information vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users. Impact A remote attacker could impersonate genuine users. As a result, the attacker...
webapp.traversal.txt
WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. Its home site is at http://www.web-app.org/ Some features are : -Easy to Install on standard Unix servers! Windows user-supported only! -User Profiles -Message forums -Private messaging between members...
phpGedView_v2.txt
PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior Summary : phpGedView is an open source system for online viewing Gedcom information family tree and genealogy information. Multiple PHP Code Injection vulnerabilities exist in the...