Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution

Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...

TestLink Open Source Test Management Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

Code Execution Vulnerability in HAIRUICMS v2.1.4 Site.asp File

HAIRUICMS HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and general ACCESS/MSSQL database. A code execution vulnerability exists in the HAIRUICMS v2.1.4 Site.asp file. The vulnerability is due to the incoming parameters are not filtered directly spliced into the configuration file, t...

File Upload Vulnerability in KingCMS Version v5.1

KingCMS is a set of easy to learn, simple to operate open source content management system CMS, support for PHP + sqLite3/MySQL and ASP + ACCESS/MSSQL, dedicated to the professional development of oriented programs and enterprise website construction system. A file upload vulnerability exists in...

TestLink Open Source Test Management &lt; 1.9.16 - Remote Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e change line skip-netw...

TestLink Open Source Test Management Remote Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

CVE-2018-7271

CVE-2018-7271 affects MetInfo 6.0.0. In the installer (install/install.php), the config/config_db.php filtering during installation is insufficient, allowing an attacker to inject malicious code and potentially execute arbitrary commands or obtain a web shell. The root cause is sloppy filtering o...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

Cambium Networks cnPilot Backdoor Access Elevation of Privilege Vulnerability

Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier. An attacker can exploit the vulnerability by accessing the web shell using the...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

Path traversal

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

Cambium Networks cnPilot firmware versions 4.3.2-R4 and earlier are affected by CVE-2017-5259, which exposes an undocumented root-privilege admin web shell. The vulnerability is accessible via the HTTP path https:///adm/syscmd.asp and is described as a backdoor that allows execution of arbitrary ...

PT-2017-16427

Name of the Vulnerable Software and Affected Versions: Cambium Networks cnPilot firmware versions 4.3.2-R4 and prior Description: The issue concerns an undocumented, root-privilege administration web shell accessible via a specific HTTP path. This path is "https:///adm/syscmd.asp". Recommendation...

CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...

Multiple File Upload Vulnerabilities in CLTPHP Content Management System

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

VulnCheck KEV: CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...