U.S. Dept Of Defense: [hta3] Remote Code Execution on ████

Vulnerability description not provided...

2020 Ends With A Bang

December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...

File Upload Vulnerability in OpenLab Programming Network Teaching and Exam Platform of Shanghai Rigel Software Co.

OpenLab is a comprehensive teaching management and experiment platform for program design teaching, daily practice, on-line experiment, unit test, mid-term and final exam. A file upload vulnerability exists in the OpenLab Programming Network Teaching and Testing Platform of Shanghai Rigel Softwar...

Actively exploited vulnerability fixed in SolarWinds Orion

SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...

UCMS suffers from a file upload vulnerability (CNVD-2021-00046)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

File Upload Vulnerability in EAP Enterprise Adaptation Management Platform of Shenzhen Aide Digital Intelligence Technology Co.

EAP Enterprise Adaptive Management Platform is an enterprise management software designed by Sap for the complexity and diversity of real estate enterprise management in China. Ltd. EAP Enterprise Adaptation Management Platform has a file upload vulnerability that can be exploited by an attacker ...

File Upload Vulnerability in Fast Platoon CMS

Fast Row CMS is open source and free PHP enterprise website production, construction, development and optimization of SEO management system. A file upload vulnerability exists in Fastrack CMS. Attackers can use the vulnerability to upload webshell and gain server privileges...

File Upload Vulnerability in Comprehensive Information Management Platform of Sichuan Wanbo Education Software Co.

Sichuan Wanbo Education Software Co., Ltd. is an enterprise focusing on the reform and innovation of China's vocational education, education informatization construction, education consulting and services. A file upload vulnerability exists in the comprehensive information management platform of...

SolarWinds SUPERNOVA .NET Webshell Traffic

SolarWinds SUPERNOVA .NET Webshell is a malicious application that allows remote attackers to gain access to an affected system...

File Upload Vulnerability in Multiple Platforms of Nanjing Kuchi Information Technology Co.

Nanjing Kuchi Information Technology Co., Ltd. is a high-tech enterprise integrating R&D, sales and service. A file upload vulnerability exists in several platforms of Nanjing Kuchi Information Technology Co. Attackers can utilize the vulnerability to upload webshell and gain server privileges...

File Upload Vulnerability in ClassCMS Backend

ClassCMS is a content management system. A file upload vulnerability exists in the ClassCMS backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File Upload Vulnerability in the Library Cluster Management System of Guangzhou Tutron Computer Software Development Co.

Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. A file upload...

Alumni Management System 1.0 Shell Upload

Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE Exploit Author: Aakash Madaan Date: 2020-12-17 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

Alumni Management System 1.0 - Unrestricted File Upload To RCE

Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE Exploit Author: Aakash Madaan Date: 2020-12-17 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

Online Marriage Registration System 1.0 Remote Code Execution

Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...

Uc365 site navigation open source version of da***.php file file upload vulnerability

Youkai 365 Web site navigation open source version is based on PHP + MYSQL development and construction of open source Web site catalog management system. Uke365 Web site navigation open source version of da.php file file upload vulnerability . Attackers can use the vulnerability to upload...

File upload vulnerability in AikCms backend vi***_ad***.php page

AikCms is a lightweight CMS. A file upload vulnerability exists in the AikCms backend viad.php page, which can be exploited by an attacker to upload a webshell and gain server privileges...

Netrend World Intelligence (Intelligence) File Upload Vulnerability in Intelligent Tire Monitoring Management System of Netrend World (Beijing) Intelligent Technology Co.

Ltd. is a technology-based enterprise focusing on the Internet of Things IoT for commercial vehicle tires, the first smart tire co-development unit in China, with a number of invention patents and software copyrights, and has obtained the CE of the European Union and the FCC certification of Nort...

File upload vulnerability in DedeCMSV6 backend fi***_na***_co***.php file

DedeCMSV6 is based on PHP 7.x development, is scalable and fully open source. A file upload vulnerability exists in the DedeCMSV6 backend finaco.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

WonderCMS 3.1.3 Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE : N/A...