38 matches found
Abusing Backup/Restore feature to achieve Remote Code Execution
Description Admin can use Backup modules to upload a malicious PHP file, which can lead to RCE. Proof of Concept + Log in as admin, navigate to Modules - Backup: https://demo.microweber.org/demo/admin/view:modules/loadmodule:adminbackup + Prepare a malicious PHP file, in this case info2.php +...
Design/Logic Flaw
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI...
thesphere.ch XSS vulnerability
Open Bug Bounty ID: OBB-636864 Description| Value ---|--- Affected Website:| thesphere.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2017-6393
An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/stdtable.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...
jmd-cms - Multiple Vulnerabilities
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-19-jmd-cms-multiple-remote-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : JMD-CMS Multiple Remote...
Balitbang CMS 3.3 Shell Upload
=================================================================== CMS Balitbang v.3.3 Arbitary file upload vulnerability =================================================================== Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type: Arbitary file upload Download link:...
News Script PHP Pro Shell Upload
============================================================================== » News Script PHP Pro fckeditor File Upload Vulnerability ============================================================================== » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News...
AtomatiCMS - Upload Arbitrary File
AtomatiCMS - Upload Arbitrary File ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' Abysssec Inc Public Advisory Title : AtomatiCMS Upload arbitrary file Vulnerability Affected Version : AtomatiCMS 10all Discovery :...
Unrestricted file upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in...
dotNETCMS v1. 3 vulnerability 0day-vulnerability warning-the black bar safety net
Affected versions: dotNETCMS v1. 3 Vulnerability description: 前些 天 在 t00ls.net discussion the discovery of this system, and new cloud that vulnerability almost. By IIS6. 0 resolve get the shell. Exploit method: the article first black and white front First registered members, and then into the...
Unrestricted file upload
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/numbershell.php...
[SECURITY] Fedora 10 Update: eggdrop-1.6.19-4.fc10
Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...
[SECURITY] Fedora 9 Update: eggdrop-1.6.19-4.fc9
Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...
Unrestricted file upload
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploadin...
CVE-2008-6178
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploadin...
phpGreetCards XSS / File Upload
................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip www.site.com/path/index.php?mode=select&category shell:...
phpGreetCards - Cross-Site Scripting Arbitrary File Upload
phpGreetCards - Cross-Site Scripting Arbitrary File Upload ................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip...
phpGreetCards - Cross-Site Scripting / Arbitrary File Upload
................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip www.site.com/path/index.php?mode=select&category shell:...