2118 matches found
CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...
Ragic Enterprise Cloud Database Security Vulnerability
Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate uploaded file types, allowing an attacker with regular...
PT-2024-39982 · Ragic · Enterprise Cloud Database
Name of the Vulnerable Software and Affected Versions: Enterprise Cloud Database from Ragic affected versions not specified Description: The issue is related to the improper validation of file types for uploads in the Enterprise Cloud Database from Ragic. Attackers with regular privileges can...
WordPress File Manager Advanced Shortcode 2.3.2 Code Injection / Shell Upload
Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser :...
MagnusBilling 6.x Code Injection
Title : MagnusBilling 6.x Code Injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...
Chamilo 1.11.18 Code Injection
Title : Chamilo 1.11.18 Code Injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits ...
Craft CMS 4.4.14 Code Injection
Title : Craft CMS 4.4.14 Code Injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...
Vulnerabilities fixed in Zimbra
Synacor has fixed vulnerabilities in Zimbra Collaboration. By sending a specially prepared e-mail to the SMTP server, code execution can be obtained directly on the Zimbra server that can be used, for example, to place a webshell. Researchers have published Proof-of-Concept code that demonstrates...
Gambio Online Webshop 4.9.2.0 Code Injection
Title : Gambio Online Webshop 4.9.2.0 Code Injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 PoC This repository is a proof of concept PoC...
Vehicle Service Management System 1.0 Code Injection
Title : Vehicle Service Management System 1.0 php code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozill...
PT-2024-32027 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions prior to 2.3.15 Description: A remote code execution issue in the /admin/store.php component of Emlog Pro allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server,...
emlog Security Vulnerability
emlog is a PHP and MySQL based CMS website builder for emlog individual developers. A security vulnerability exists in emlog versions prior to v2.3.15, which stems from the presence of a Remote Code Execution RCE vulnerability that allows an attacker to gain system privileges by uploading a...
CVE-2024-8463
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...
CVE-2024-8463 File upload restriction bypass vulnerability in Job Portal
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
PHPGurukul Job Portal Code Issue Vulnerability
PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul Inc. A code issue vulnerability exists in PHPGurukul Job Portal version 1.0, which stems from the inclusion of an unrestricted file upload vulnerability. An attacker can exploit this vulnerability to conduct remote cod...
PT-2024-39030 · Unknown · Phpgurukul Job Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Job Portal version 1.0 Description: The issue is a file upload restriction bypass vulnerability, which could allow an authenticated user to execute a Remote Code Execution RCE via webshell. Recommendations: For PHPGurukul Job Porta...