2126 matches found
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
This module exploits a PHP object instantiation vulnerability that can lead to RCE in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code performs an insufficient whitelist check which ca...
Scanners-Box
This is a collection of open-source scanning tools and wordlists for web application security testing. The repository, Scanners-Box, is a collection of tools from various contributors, including lijiejie, ringzero, and others. The tools are categorized into subdomains, database vulnerability...
File upload vulnerability in the up***.php file of Pangu's backend management system
Pangu Network is a regional service operator authorized by Baidu, a group of companies providing integrated network marketing services to customers in the region with Baidu's business as the core. A file upload vulnerability exists in the up.php file of Pangu's backend management system. An...
File upload vulnerability in the file li***_ed***.php of the backend management system of Acme CMS
Acme CMS is a CMS builder using a PHP + MySQL architecture, with multi-language support and responsive display, suitable for personal website construction. There is a file upload vulnerability in the file lied.php in the background management system of Acme CMS. Attackers can use the vulnerability to upload webshe...
File Upload Vulnerability in Tuan Ah VIP Movie System
Tuan Ah VIP Movie System is website source code for a VIP movie and video viewing site with registered members and a proxy version. There is a file upload vulnerability in Tuan Ah VIP Movie System. It allows attackers to upload a webshell and gain server privileges...
File upload vulnerability in the vi***_ed***.php file of the backend management system of Acme CMS
Acme CMS is a CMS builder using a PHP + MySQL architecture, with multi-language support and responsive display, suitable for personal website construction. There is a file upload vulnerability in the vied.php file in the background management system of Acme CMS. Attackers can use the vulnerability to upload webshe...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
CNVD-C-2019-48814 and CNNVD-201904-961. Thanks to t00ls-ximcx0101 for providing the script. CNVD-...
Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds
Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains a...
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP...
File Upload Vulnerability in ArtCMS Frontend User Modified Avatar Location
ArtCMS is a website management system. A file upload vulnerability exists in ArtCMS at the location where the front-end user modifies his avatar. It allows attackers to upload a webshell and gain server privileges...
File upload vulnerability in tx***_fi***.php file in TextpatternCMS backend
TextpatternCMS is a content management system written in PHP. A file upload vulnerability exists in the txfi.php file in the backend of TextpatternCMS. It allows an attacker to upload a webshell and gain server privileges...
File upload vulnerability in DedeCMS al***_ed***.php file
Dream Content Management System (DedeCMS) is an open-source PHP website management system. A file upload vulnerability exists in the DedeCMS aled.php file. It allows an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in QCMS 3.0.1 Backend
QCMS is a lightweight PHP website management system built on an MVC architecture. A file upload vulnerability exists in QCMS version 3.0.1. An attacker can exploit the vulnerability to bypass the background login by forgery, upload a webshell, and gain server privileges...
File Upload Vulnerability in the DB***.aspx Page of the Backend of Ice Order Treasure
Ice Point Ordering Treasure is internal canteen meal-ordering management software for organizations and enterprises, supporting ordering through a mobile app and WeChat for managing canteen ordering and consumption. There is a file upload vulnerability in the DB.aspx page in the background of Freezing Point Food Ordering Treasur...
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload !/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org...
File Upload Vulnerability in MyfCMS v2.0
MyfCMS is a PHP+MySQL content management system. A file upload vulnerability exists in MyfCMS v2.0, which can be exploited by attackers to upload a webshell and gain server privileges...
File upload vulnerability in OFCMS backend ueditor uploadFIle
OFCMS is a content management system based on Java technology. There is a file upload vulnerability in OFCMS backend ueditor uploadFIle, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...
OFCMS background upload file upload vulnerability
OFCMS is a content management system based on Java technology. There is a file upload vulnerability in OFCMS background upload, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...