
2123 matches found

NVD
added 2021/11/28 9:15 p.m., 8 views

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

9.8 CVSS, 0.02512 EPSS
Exploits: 1, References: 1
Prion
added 2021/11/28 9:15 p.m., 10 views

Design/Logic Flaw

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

7.5 CVSS, 9.5 AI score, 0.02512 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/11/28 8:27 p.m., 10 views

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

9.8 AI score, 0.02512 EPSS
Exploits: 1, References: 1
CVE
added 2021/11/28 8:27 p.m., 35 views

CVE-2021-44093

CVE-2021-44093 affects zrlog 2.2.2. A Remote Command Execution vulnerability exists in the avatar upload function, allowing bypass of the original limit and uploading a JSP file to obtain a WebShell. Multiple sources (NVD/NVDC, CNVD, Red Hat, CNVD, CNNVD, CVE listing) corroborate the issue and it...

9.8 CVSS, 9.6 AI score, 0.02512 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/11/28 12:0 a.m., 4 views

ZrLog Code Issue Vulnerability

ZrLog is a blogging system developed using the Java language. A command execution vulnerability exists in ZrLog version 2.2.2, which can be exploited by an attacker to upload a JSP file to obtain a WebShell...

9.8 CVSS, 5.8 AI score, 0.02512 EPSS
Exploits: 1, References: 2
CNVD
added 2021/11/25 12:0 a.m., 16 views

File Upload Vulnerability in Patrol Cloud Light Forum System (CNVD-2021-99759)

Patrol cloud light forum system is an open source web application based on a JAVA MYSQL architecture, including forums and Q&A modules. Patrol cloud light forum system has a file upload vulnerability; the attacker can use the vulnerability to upload webshell to obtain server privileges...

1.4 AI score
Exploits: 0, Affected Software: 1
GithubExploit
added 2021/11/22 7:47 a.m., 123 views

Exploit for Server-Side Request Forgery in Microsoft

python sendwebshellmail.py https://mail16.echod.com aaa@echo...

10 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits: 16
CNVD
added 2021/11/19 12:0 a.m., 21 views

WordPress Plugin Smart Product Review Arbitrary File Upload Vulnerability

WordPress is a blogging platform developed using the PHP language. Smart Product Review is a versatile review package for users' WooCommerce stores. WordPress plugin Smart Product Review arbitrary file upload vulnerability can be exploited by an attacker to upload a webshell and gain server...

7.5 AI score
Exploits: 0, References: 1
0day.today
added 2021/11/16 12:0 a.m., 427 views

Online Learning System 2.0 - Remote Code Execution Exploit

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...

9.8 CVSS, 9.2 AI score, 0.09985 EPSS
Exploits: 4
ThreatPost
added 2021/11/08 4:38 p.m., 143 views

Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far: technology,...

10 CVSS, 10 AI score, 0.9896 EPSS
Exploits: 10, References: 23
Prion
added 2021/11/05 1:15 p.m., 14 views

Unrestricted file upload

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...

10 CVSS, 9.6 AI score, 0.2327 EPSS
Exploits: 6, References: 3
Cvelist
added 2021/11/05 12:36 p.m., 33 views

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...

9.9 AI score, 0.2327 EPSS
Exploits: 3, References: 3
GithubExploit
added 2021/11/03 8:52 p.m., 148 views

Exploit for Unrestricted Upload of File with Dangerous Type in Engineers_Online_Portal_Project Engineers_Online_Portal

CVE-2021-42669 CVE-2021-42669 - Remote code execution via unre...

10 CVSS, 9.9 AI score, 0.2327 EPSS
Exploits: 3
CNVD
added 2021/10/31 12:0 a.m., 6 views

Mara CMS File Upload Vulnerability

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

9.8 CVSS, 7.4 AI score, 0.03204 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/10/28 12:0 a.m., 3 views

Mara CMS Code Issue Vulnerability

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

9.8 CVSS, 6 AI score, 0.03204 EPSS
Exploits: 1, References: 1
0day.today
added 2021/10/25 12:0 a.m., 307 views

Engineers Online Portal 1.0 - File Upload Remote Code Execution Vulnerability

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Exploit Author: SadKris Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windows 11...

0.2 AI score
Exploits: 0
Packet Storm
added 2021/10/23 12:0 a.m., 171 views

Engineers Online Portal 1.0 Shell Upload

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Date: 10/23/2021 Exploit Author: SadKris Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windo...

7.4 AI score
Exploits: 0
CNVD
added 2021/10/12 12:0 a.m., 6 views

rConfig SQL Injection Vulnerability (CNVD-2021-99274)

rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...

8.8 CVSS, 7.7 AI score, 0.02062 EPSS
Exploits: 1, References: 1
OSV
added 2021/10/11 12:15 p.m., 1 views

CVE-2021-29004

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...

8.8 CVSS, 5.8 AI score, 0.02062 EPSS
Exploits: 1, References: 4
NVD
added 2021/10/11 12:15 p.m., 12 views

CVE-2021-29004

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...

8.8 CVSS, 0.02062 EPSS
Exploits: 1, References: 4