2126 matches found
File upload vulnerability in OFCMS backend ueditor uploadVideo
OFCMS is a content management system developed based on Java technology. A file upload vulnerability exists in the OFCMS backend ueditor uploadVideo, which can be exploited by an attacker to upload a webshell and gain access to the server, posing an information leakage and operational security ri...
OFCMS backend ueditor uploadImage file upload vulnerability
OFCMS is a content management system developed based on Java technology. There is a file upload vulnerability in the OFCMS backend ueditor uploadImage, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...
OFCMS backend ueditor uploadScrawl file upload vulnerability
OFCMS is a content management system developed based on Java technology. There is a file upload vulnerability in the OFCMS backend ueditor uploadScrawl, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution #!/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on:...
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
#!/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on: Linux/Unix CVE : CVE-2018-11686 Disclaimer: This exploit is for...
Starbucks: Webshell via File Upload on ecjobs.starbucks.com.cn
Summary: OS Command Injection which can let the attacker get more important information of the server, such as disclosure of internal source code of the webapp and database data, and invade the internal network. Description: I found that users can upload asp/aspx and other dynamic files via the avata...
OFCMS backend editUploadImage method has file upload vulnerability
OFCMS is a content management system developed based on Java technology. A file upload vulnerability exists in the editUploadImage method in the OFCMS backend, which can be exploited by an attacker to upload a webshell and gain access to the server, posing an information leakage and...
Page code execution vulnerability in MLECMS backend s***_uc***r.php
MLECMS is a multilingual, free and open source content management system. A page code execution vulnerability exists in the MLECMS backend s***_uc***r.php. An attacker can exploit the vulnerability to write a webshell to a user-accessible PHP page to gain server control privileges...
File upload vulnerability in DedeCMS fi***_cl***.php file
DedeCMS (Dream Content Management System) is an open source PHP website management system. A file upload vulnerability exists in the DedeCMS fi***_cl***.php file. It allows an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in Ice OrderBox System
Ice point ordering treasure system is internal canteen ordering management software for organizations and enterprises, supporting ordering through a mobile app and WeChat and used for managing canteen ordering and consumption. A file upload vulnerability exists in Freezing Point Ordering System, which allows an attacker to upload a...
File Upload Vulnerability in Tongwang iOA Collaboration Office Platform
Tongwang iOA collaborative office platform is a collaborative office application platform. A file upload vulnerability exists in Tongwang iOA Collaboration Office Platform. It allows an attacker to upload a webshell and gain server privileges...
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung Vendor Homepage: https://www.manageengine.com/products/service-desk/ Software Link:...
Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload
Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung Vendor Homepage: https://www.manageengine.com/products/service-desk/ Software Link:...
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main int argc, char argv int sock = 0, bytesread = 0, total = 0, functio...
Webshell Bypass Vulnerability in Web Security Dog (Apache Edition) V4.0
Website Security Dog Apache Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features. Web Security Dog Apache Edition V4.0 has a webshell bypass vulnerability that can be exploited by attackers to execute...
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main...
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main int argc, char argv int sock = 0, bytesread = 0, total = 0, functio...
WordPress Plugin WP-Ajax-Form-Pro Remote Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A remote upload vulnerability exists in the WordPress plugin WP-Ajax-Form-Pro. It allows an attacker to upload a webshell and gain...
WordPress Plugin Audio Record Arbitrary File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin Audio Record. It allows an attacker to upload a webshell a...
WordPress theme cameleon arbitrary file upload vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The WordPress theme cameleon suffers from an arbitrary file upload vulnerability. It allows an attacker to upload a webshell and gai...