Lucene search
K

2198 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/05 3:15 p.m.4 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS6.1AI score0.04146EPSS
Exploits4References3
The Hacker News
The Hacker News
added 2022/04/05 7:31 a.m.188 views

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added the recently disclosed remote code execution RCE vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw,...

10CVSS0.1AI score0.99677EPSS
Exploits103
OSV
OSV
added 2022/04/05 12:0 a.m.12 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

8.5CVSS7.2AI score0.04146EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.2 views

PT-2022-18162 · Unknown · Impresscms

Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...

8.5CVSS6.8AI score0.04146EPSS
Exploits4References9
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.8 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

7.2CVSS7AI score0.01484EPSS
Exploits2References2
NVD
NVD
added 2022/04/04 4:15 p.m.23 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

7.2CVSS0.01484EPSS
Exploits2References1
Prion
Prion
added 2022/04/04 4:15 p.m.16 views

Design/Logic Flaw

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

6.5CVSS7AI score0.01484EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/04/04 3:35 p.m.87 views

CVE-2022-0537

CVE-2022-0537 affects MapPress Maps for WordPress before 2.73.13. A high-privileged user can bypass DISALLOW_FILE_EDIT/DISALLOW_FILE_MODS and upload arbitrary files via the ajax_save function. The uploaded file is written relative to the current theme/stylesheet directory and given a .php extensi...

7.2CVSS6.9AI score0.01484EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2022/03/31 12:0 a.m.521 views

Medical Hub Directory Site 1.0 SQL Injection

Title: Medical Hub Directory Site 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/03/29 4:0 p.m.16 views

3 steps to secure your multicloud and hybrid infrastructure with Azure Arc

As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent. Today, organizations face an attacker ecosystem that is highly economically...

7.7AI score
Exploits0
GithubExploit
GithubExploit
added 2022/03/16 11:56 a.m.596 views

Exploit for CVE-2021-21983

CVE-2021-21975 VMware vRealize Operations vROps Manager API...

8.5CVSS7.8AI score0.7829EPSS
Exploits12
OSV
OSV
added 2022/03/15 12:0 a.m.32 views

GHSA-RGG3-3WH7-W935 Unrestricted Upload of File with Dangerous Type in Zenario CMS

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

9.8CVSS6.8AI score0.02484EPSS
Exploits5References7
NVD
NVD
added 2022/03/14 3:15 p.m.29 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7.2CVSS0.02484EPSS
Exploits5References3
OSV
OSV
added 2022/03/14 3:15 p.m.15 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7.2CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2022/03/14 3:15 p.m.17 views

Unrestricted file upload

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

6.5CVSS6.7AI score0.02484EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2022/03/14 2:51 p.m.124 views

CVE-2021-42171

CVE-2021-42171 affects Zenario CMS 9.0.54156 and is a file-upload vulnerability that allows remote code execution. The root cause, per the sources, is lack of validation of uploaded files. Exploitation exists in public advisories (e.g., Exploit-DB) demonstrating an authenticated path to achieve R...

7.2CVSS6.8AI score0.02484EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:51 p.m.34 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7AI score0.02484EPSS
Exploits5References3
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.115 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

7.2CVSS0.6AI score0.01484EPSS
Exploits2
OSV
OSV
added 2022/03/11 12:2 a.m.19 views

GHSA-4PWW-FQGH-36HJ Unrestricted Upload of File with Dangerous Type in Croogo

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

8.8CVSS8.9AI score0.08963EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/03/11 12:2 a.m.25 views

Unrestricted Upload of File with Dangerous Type in Croogo

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

8.8CVSS2.9AI score0.08963EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder