2123 matches found
File upload vulnerability in UCMS fi***.php file
UCMS is a content management system written in PHP. A file upload vulnerability exists in the UCMS fi***.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SEO Panel 4.6.0 Remote Code Execution
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...
File Upload Vulnerability in Fishy CMS Backend Data Backup Branch
FishLeap CMS is a content management system specifically geared towards enterprise applications. A file upload vulnerability exists in the backend data backup of Fishy CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SEO Panel 4.6.0 - Remote Code Execution (1)
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...
Exploit for CVE-2018-2894
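Weblogic CVE-2018-2894 CVE-2018-2894 0x01 Preface: Oracle's July update fixed an arbitrary file upload vulnerability in the Weblogic Web Service Test Page. The Web Service Test Page is not enabled by default in "production mode", so the vulnerability has certain limitations. By exploiting this vulnerability, an arbitrary JSP file can be uploaded and server privileges then obtained. 0x02 Vulnerable environment: Ubuntu 16.04 https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2894/ Run the following command to start weblogic 12.2.1....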
Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution
Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...
CVE-2020-23828
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
File Upload Vulnerability in CMS Backend
High Fives CMS is a free database-free CMS system. A file upload vulnerability exists in the backend of High Fives CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Mantis Chinese Enhanced Edition
Mantis is a lightweight open source defect tracking system based on PHP that provides project management and defect tracking services in the form of Web operations. A file upload vulnerability exists in the Chinese enhanced version of Mantis. An attacker can exploit the vulnerability to...
File Upload Vulnerability in the Application Resource Library Platform of Xiamen NetZhongwei Software Co.
Xiamen NetZhongwei Software Co. is an enterprise specializing in the development, service and sales of accounting teaching software products. A file upload vulnerability exists in the application repository platform of Xiamen NetZhongwei Software Co. An attacker can use the...
Mara CMS 7.5 Remote Code Execution
Exploit Title: Mara CMS 7.5 - Remote Code Execution (Authenticated) Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
Mara CMS 7.5 - Remote Code Execution (Authenticated)
Exploit Title: Mara CMS 7.5 - Remote Code Execution (Authenticated) Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
DBHcms Arbitrary File Write Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. An arbitrary file write vulnerability exists in dbhcms\mod\mod.editor.php ($_POST['updatefile']) in DBHcms 1.2.0. An administrator user can exploit this vulnerability to obtain a webshell...
CVE-2020-19891
DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
Design/Logic Flaw
DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
File upload vulnerability in the Ueditor page of the TPshop open source mall management backend
TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Ueditor page of the TPshop open source mall management backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File upload vulnerability in the Uploadify page of the TPshop open source mall management backend
TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Uploadify page of the TPshop open source mall management backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File upload vulnerability in the Ueditor page of the TPshop open source mall merchant management backend
TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the TPshop open source mall merchant management backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...