EUVD-2018-8585

Malware in sbrugna...

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVE-2020-35442

FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

Arbitrary File Write Vulnerability in SiteServer CMS Backend

SiteServer CMS is a website content management system developed by Beijing Billion Software Technology Development Co., Ltd. and is widely used in state ministries, group companies and large-scale portal sites. The information collection function in the management background of SiteServer CMS doe...

Pligg CMS 2.0.2 CSRF漏洞

创建一个新文件，然后写入一个web后门，拿到webshell. 我们可以用另外一个方法也是可以用来getshell，先利用第一个漏洞编辑站点目录index.php，接着我们编辑保存下。 然后运保存成功后，查看index.php，然后就生成了test.php文件...

cmseasy csrf通过一个xss最后getshell

简要描述： 为什么我们要选择get类型的呢，因为get类型存储到数据库的时候触发时候管理员是察觉不到的，可以通过图片等进行操作，然后我们存储一个xss后门，这样一来，我们就可以加载一个远端的js，那么就各种无视token和referer了 详细说明： 开始我们先分析一段源代码： celive/admin/system.php:line:128-142: if$do == 'add' and $username != '' $password = addslashes$REQUEST'password'; $password = md5$password; $realname =...

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)

No description provided by source. ? printr' IIS 6 WEBDAV Exploit.By [email protected] && Securiteweb.org Usage: php '.$argv0.' source/path/put host path Example: php '.$argv0.' source www.tian6.com /blog/readme.asp Example2: php '.$argv0.' path www.tian6.com /secret/ Example3: php '.$argv0.' put...