26 matches found
EUVD-2021-15645
Malware in sbrugna...
EUVD-2023-54444
Malicious code in bioql PyPI...
EUVD-2022-49965
Malicious code in bioql PyPI...
Exploit for CVE-2025-5394
🚨 CVE-2025-5394 - Unauthenticated Arbitrary Plugin Upload in A...
CVE-2025-30131
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...
CVE-2020-19891
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
TRCore DVC File Upload Vulnerability (CNVD-2024-46433)
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to any directory and achieve arbitrary code execution by uploading a webshell...
CVE-2023-4591
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion LFI via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...
CVE-2023-4591
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion LFI via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...
Remote file inclusion
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion LFI via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...
CVE-2023-4591 Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion LFI via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...
CVE-2023-4591
CVE-2023-4591 affects WPN-XM Serverstack 0.8.6. A local file inclusion flaw in the /tools/webinterface/index.php?page parameter allows an unauthenticated user to load server PHP files, potentially enabling a webshell. The issue is rooted in LFI handling and is described across multiple sources as...
CVE-2023-4591 Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion LFI via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...
File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...
File Upload Vulnerability in e-office Panmicro Collaboration Office System
e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, and asset management functions. A file upload vulnerabili...
File Upload Vulnerability in Easy Control World (CNVD-2021-33158)
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Easy Control World
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Netrend World Intelligence (Intelligence) File Upload Vulnerability in Intelligent Tire Monitoring Management System of Netrend World (Beijing) Intelligent Technology Co.
Ltd. is a technology-based enterprise focusing on the Internet of Things IoT for commercial vehicle tires, the first smart tire co-development unit in China, with a number of invention patents and software copyrights, and has obtained the CE of the European Union and the FCC certification of Nort...
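逐浪CMS: arbitrary file type upload leads to webshell
Brief description: The type of an uploaded file is not checked, so a dynamic script can be uploaded directly to obtain a webshell. Details: Download the CMS code from the official site. The file batupload.aspx is in the edit directory under the source directory; decompiling it shows the following source: None. As shown in the figure. This is only a test. I don't know why uploading a file in aspx format did not work; changing the one-line webshell file to an image format worked. I don't know what on the server was intercepting it...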
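A vulnerability on the cmseasy official demo site leads to webshell
Brief description: CSRF + LFI to get a shell. Details: 1. Here the value goes straight into the database, with no check on whether the path escapes the templete directory. 2. Using this, we can construct the following page and lure the administrator into visiting it: 3. On the official demo site, we can log in directly with the test account and then click this page. It can of course also be added manually in the admin backend (version 5.5 downloaded from the official site comes with two custom forms after installation, with no need for the administrator to add them manually; I used one of them): 4. The request packet is as follows: 5. After submitting, visit the following page to get the shell (no login required). Shell on the test1 site...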