Lucene search
K

38 matches found

Huntr
Huntr
added 2022/03/09 6:14 p.m.24 views

Abusing Backup/Restore feature to achieve Remote Code Execution

Description Admin can use Backup modules to upload a malicious PHP file, which can lead to RCE. Proof of Concept + Log in as admin, navigate to Modules - Backup: https://demo.microweber.org/demo/admin/view:modules/loadmodule:adminbackup + Prepare a malicious PHP file, in this case info2.php +...

6.5CVSS0.7AI score0.0207EPSS
Exploits1
Prion
Prion
added 2018/12/19 7:29 p.m.14 views

Design/Logic Flaw

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI...

3.5CVSS4.9AI score0.00559EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/06/26 9:56 a.m.10 views

thesphere.ch XSS vulnerability

Open Bug Bounty ID: OBB-636864 Description| Value ---|--- Affected Website:| thesphere.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
UbuntuCve
UbuntuCve
added 2017/03/02 6:59 a.m.18 views

CVE-2017-6393

An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/stdtable.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

6.1CVSS6.6AI score0.00958EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

jmd-cms - Multiple Vulnerabilities

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-19-jmd-cms-multiple-remote-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : JMD-CMS Multiple Remote...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/03/19 12:0 a.m.31 views

Balitbang CMS 3.3 Shell Upload

=================================================================== CMS Balitbang v.3.3 Arbitary file upload vulnerability =================================================================== Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type: Arbitary file upload Download link:...

Exploits0
Packet Storm
Packet Storm
added 2010/12/29 12:0 a.m.20 views

News Script PHP Pro Shell Upload

============================================================================== » News Script PHP Pro fckeditor File Upload Vulnerability ============================================================================== » Title : News Script PHP Pro fckeditor File Upload Vulnerability » Script : News...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2010/09/28 12:0 a.m.10 views

AtomatiCMS - Upload Arbitrary File

AtomatiCMS - Upload Arbitrary File ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' Abysssec Inc Public Advisory Title : AtomatiCMS Upload arbitrary file Vulnerability Affected Version : AtomatiCMS 10all Discovery :...

0.2AI score
Exploits0
Prion
Prion
added 2010/02/27 12:30 a.m.16 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in...

6.5CVSS7.8AI score0.0315EPSS
Exploits1References5Affected Software1
myhack58
myhack58
added 2009/12/17 12:0 a.m.31 views

dotNETCMS v1. 3 vulnerability 0day-vulnerability warning-the black bar safety net

Affected versions: dotNETCMS v1. 3 Vulnerability description: 前些 天 在 t00ls.net discussion the discovery of this system, and new cloud that vulnerability almost. By IIS6. 0 resolve get the shell. Exploit method: the article first black and white front First registered members, and then into the...

1.4AI score
Exploits0
Prion
Prion
added 2009/07/07 7:0 p.m.28 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/numbershell.php...

6.8CVSS8AI score0.02326EPSS
Exploits1References6Affected Software1
Fedora
Fedora
added 2009/05/28 8:3 a.m.24 views

[SECURITY] Fedora 10 Update: eggdrop-1.6.19-4.fc10

Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...

6.8CVSS0.4AI score0.09979EPSS
Exploits7
Fedora
Fedora
added 2009/05/28 8:2 a.m.27 views

[SECURITY] Fedora 9 Update: eggdrop-1.6.19-4.fc9

Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...

6.8CVSS0.4AI score0.09979EPSS
Exploits7
Prion
Prion
added 2009/02/19 4:30 p.m.18 views

Unrestricted file upload

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploadin...

7.5CVSS8.3AI score0.07811EPSS
Exploits3References5Affected Software2
Cvelist
Cvelist
added 2009/02/19 4:0 p.m.27 views

CVE-2008-6178

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploadin...

7.7AI score0.07811EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2008/12/30 12:0 a.m.35 views

phpGreetCards XSS / File Upload

................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip www.site.com/path/index.php?mode=select&category shell:...

Exploits0
exploitpack
exploitpack
added 2008/12/23 12:0 a.m.14 views

phpGreetCards - Cross-Site Scripting Arbitrary File Upload

phpGreetCards - Cross-Site Scripting Arbitrary File Upload ................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2008/12/23 12:0 a.m.42 views

phpGreetCards - Cross-Site Scripting / Arbitrary File Upload

................................................................................................... remote shell upload/xss script: phpGreetCards download from:http://www.w2b.ru/download/phpGreetCards.zip www.site.com/path/index.php?mode=select&category shell:...

7AI score
Exploits0
Rows per page
Query Builder