151 matches found
CVE-2024-58280
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
EUVD-2024-55318
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
Wordpress-BRUTE-FORCE-UPLOAD-SHELL
🛠️ Wordpress-BRUTE-FORCE-UPLOAD-SHELL - Simple Tool for WordPr...
EUVD-2022-45155
Malicious code in bioql PyPI...
Exploit for Command Injection in Chamilo
CVE-2023-34960 Chamilo Command Injection with aut...
GetSimple CMS v3.3.16 - Remote Code Execution Exploit
Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from threading import...
CVE-2022-42064
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell...
Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being...
Composr CMS Code Issue Vulnerability
Ocproducts Composr CMS is an open source content management system (CMS) written in the PHP language by ocProducts Ocproducts UK. A security vulnerability exists in Composr-CMS version 10.0.39 and earlier versions that could be exploited by an authenticated, remote attacker to upload a PHP shell to...
Online Learning Management System 1.0 Remote Command Execution
Exploit Title: Online Learning Management System 1.0 - RCE Authenticated Date: 01.01.2021 Exploit Author: Bedri Sertkaya Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the logs function for executing PHP files...
Restaurant Management System 1.0 - Remote Code Execution
Restaurant Management System 1.0 - Remote Code Execution Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
Airbnb Clone Script - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Vulnerability:Profile Arbitrary Shell Upload Google Dork: Airbnb Clone Script Date:11.01.2017 Vendor Homepage: http://www.tibsolutions.com/airbnb-clone/ Script Name: Airbnb Clone Script Script Buy Now:...
Malware exploit: Citadel
Type: Remote Code Execution Author: Xylitol import urllib import urllib2 Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability Work only on windows box def requesturl, params=None, method='GET': if method == 'POST': urllib2.urlopenurl, urllib.urlencodeparams.read elif method ==...
Remote Code Execution Vulnerability in JumboTCMS V7.1.5.0829
JumboTCMS V7.1.5.0829 is a set of open source web content management system built by the Microsoft . JumboTCMS V7.1.5.0829 suffers from a remote code execution vulnerability. An attacker exploiting the vulnerability can create a new administrator, and further penetration can upload a shell to...
vBulletin 5.x.x Remote Code Execution 0day Exploit
sql injection vulnerability, you can upload shell and remote execute Today I am hacked vbulletin.com , You can buy 0day today ; http://www.vbulletin.com/forum/content.php/813-Recovering-a-hacked-vBulletin-Site This is private exploit. You can buy it at http://0day.today...
WDS CMS - SQL Injection
In The Name Of ALLAH Exploit Title : WDS CMS - SQL Injection Google Dork : allinurl:wdsnews/article.php?ID= Date : 2015-08-09 Exploit Author : Ismail Marzouk Vendor Homepage : http://webdesignskolan.se/ Tested on : Windows 7 Exploit : http://...
WordPress slideshow plugin RevSlider exploit-vulnerability warning-the black bar safety net
Any read: /wp-admin/admin-ajax.php?action=revslidershowimage&img=../wp-config.php Any upload: #!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25...
ECCMS 1.0 Cross Site Scripting / SQL Injection
===================================================================== Advisory: ECCMS 1.0 - Multiple Vulnerabilities Author: R3VANBASTARD - Yogyakarta Dork: "Powered by Econnective" / Powered by Econnective inurl:/admin =====================================================================...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : email protected Risk : High Class: Remote Google Dork:...