2126 matches found
CVE-2019-1010062
Summary: CVE-2019-1010062 affects PluckCMS 4.7.4 and earlier. The vulnerability is CWE-434: Unrestricted Upload of File with Dangerous Type, enabling potential webshell access. The issue is traced to data/inc/images.php at line 36, with the attack vector described as manipulating the MIME TYPE in...
File upload vulnerability in Tongda OA 2015, 2016 Of***.php file
Ltd. is subordinate to China National Weapons Industry Information Center CNWIIC, which is referred to as Tongda Xinke. It is a high-tech team with the main business of collaborative management software development and implementation, service and consulting. A file upload vulnerability exists in...
CVE-2019-12803
In Hunesion i-oneNet versions 3.0.7 through 3.0.53 and 4.0.4 through 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system comman...
Command injection
In Hunesion i-oneNet versions 3.0.7 through 3.0.53 and 4.0.4 through 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system comman...
CVE-2019-12803
CVE-2019-12803 affects Hunesion i-oneNet, versions 3.0.7–3.0.53 and 4.0.4–4.0.16. The root cause is a vulnerable upload web module that does not properly verify the file extension and type, enabling an attacker to upload a webshell. The webshell can then be used for remote code execution, includi...
CVE-2019-12803 Hunesion i-oneNet unrestricted file upload vulnerability
In Hunesion i-oneNet versions 3.0.7 through 3.0.53 and 4.0.4 through 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system comman...
PT-2019-12953 · Hunesion · Hunesion I-Onenet
Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53; Hunesion i-oneNet versions 4.0.4 through 4.0.16. Description: The issue arises from the specific upload web module not verifying the file extension and type, allowing an attacker to upload a...
File Upload Vulnerability in MetInfo Version 6.2.0
MetInfo is a CMS for building enterprise websites, based on a PHP + MySQL architecture. A file upload vulnerability exists in MetInfo version 6.2.0. It allows attackers to upload a webshell and gain server privileges...
SeedDMS versions < 5.1.11 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4:...
Exploit for Cross-site Scripting in Netgate Pfsense
CVE-2019-12949 From Cross Site Scripting Vulnerability to Re...
Exploit for Injection in Oracle Agile_Plm
WebLogic CVE-2019-2725, CVE-2019-2729 – POC Execute comman...
SeedDMS Remote Command Execution
Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now go to...
File Upload Vulnerability in Waychar 120 Emergency Command Center Web Services System
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A file upload vulnerability exists in the Waychar 120 Emergency Command Center Web Service System. The vulnerabili...
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress WordPress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: June 2019 Exploit Author: xulchibalraa Vendor Homepage:...
File Upload Vulnerability in Tpshop v3.5 Ue***.php Page
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A file upload vulnerability exists in the Tpshop v3.5 Ue.php page. It allows an attacker to upload a webshell and gain server privileges...
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...
Shopware createInstanceFromNamedArguments PHP Object Instantiation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a PHP object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...
Using SMB to bypass PHP Remote File Inclusion limit-vulnerability warning-the black bar safety net
In this article, I share a little about a remote file inclusion vulnerability in PHP programs, which often appears where file inclusion is used. Although the PHP environment has been configured to prohibit including files from remote HTTP/FTP URLs, I will share how to bypass Remote File...