
2126 matches found

Prion
added 2018/09/19 3:29 p.m. | 20 views

Design/Logic Flaw

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell...

CVSS 6.5 | AI score 8.6 | EPSS 0.01924
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/09/19 3:0 p.m. | 50 views

CVE-2018-16785

The connected sources confirm a concrete vulnerability in DedeCMS v5.7 SP2 (PHP-based CMS): a file-write flaw that attackers can exploit to write a script file and obtain a webshell. This CVE (CVE-2018-16785) is described as affecting DedeCMS 5.7 SP2 with XML injection/file-write mechanics enabli...

CVSS 8.8 | AI score 8.6 | EPSS 0.01924
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/09/19 3:0 p.m. | 22 views

CVE-2018-16785

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell...

AI score 8.7 | EPSS 0.01924
Exploits: 1 | References: 1

FireEye
added 2018/09/19 10:0 a.m. | 984 views

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...

CVSS 7.5 | EPSS 0.99993
Exploits: 56

CNVD
added 2018/09/18 12:0 a.m. | 0 views

File Upload Vulnerability in Laoban CMS Backend

Laoban CMS is an open-source website-building content management system developed by Laoban for PHP + MySQL environments. A file upload vulnerability exists in the backend of Laoban CMS. It allows attackers to upload a webshell and gain server privileges...

AI score 7.2
Exploits: 0

CNVD
added 2018/09/18 12:0 a.m. | 1 views

File Upload Vulnerability in Chengdu Silo Technology Co.

Chengdu Silo Technology Co., Ltd. provides WEB-based system development, services covering web design, website program development, mainstream domain name registration, domestic and international space application, WEB system development, secondary development of WeChat, cell phone website...

AI score 7.2
Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | 1 views

File Upload Vulnerability in YCCMS v3.3

YCCMS is a PHP version of a lightweight CMS builder. A file upload vulnerability exists in YCCMS v3.3. It allows attackers to upload webshell and gain server privileges...

AI score 7.2
Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | 1 views

MetInfo Cross-Site Scripting Vulnerability (CNVD-2018-19563)

MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A security vulnerability exists in the 'doexport' function in the app/system/feedback/admin/feedbackadmin.class.php file in MetInfo version 6.1.0. The vulnerability can be exploited ...

CVSS 4.9 | AI score 5.3 | EPSS 0.00878
Exploits: 1 | References: 1

Packet Storm
added 2018/09/14 12:0 a.m. | 55 views

Apache Portals Pluto 3.0.0 Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

CVSS 5 | AI score 7.5 | EPSS 0.43895
Exploits: 5

exploitpack
added 2018/09/13 12:0 a.m. | 27 views

Apache Portals Pluto 3.0.0 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...

CVSS 5 | AI score 7.8 | EPSS 0.43895
Exploits: 5

Exploit DB
added 2018/09/13 12:0 a.m. | 36 views

Apache Portals Pluto 3.0.0 - Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

CVSS 7.5 | AI score 7.5 | EPSS 0.43895
Exploits: 5

CNVD
added 2018/09/08 12:0 a.m. | 1 views

Unauthorized (ultra vires) access vulnerability in Hefei Yixin Software Development Limited Liability Company's Yixin housing provident fund software series

Hefei Yixin Software Development Limited Liability Company is a high-tech company engaged in computer software development and promotion and in business management consulting services. A vulnerability exists in the Hefei Yixin Software Development Limited Liability Company's Yixin Housing...

AI score 7.1
Exploits: 0

Prion
added 2018/09/06 5:29 p.m. | 14 views

Directory traversal

LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via: an authenticated user can upload a...

CVSS 6.5 | AI score 9.1 | EPSS 0.03555
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2018/09/06 5:29 p.m. | 9 views

Unrestricted file upload

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive which can contain malicious PHP files that ca...

CVSS 6.5 | AI score 8.8 | EPSS 0.02137
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/09/06 5:29 p.m. | 17 views

CVE-2018-1000658

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive which can contain malicious PHP files that ca...

CVSS 8.8 | AI score 8.8 | EPSS 0.02137
Exploits: 0 | References: 2

OSV
added 2018/09/06 5:29 p.m. | 13 views

CVE-2018-1000658

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive which can contain malicious PHP files that ca...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 2

OSV
added 2018/09/06 5:29 p.m. | 12 views

CVE-2018-1000659

LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via: an authenticated user can upload a...

CVSS 8.8 | AI score 8
Exploits: 0 | References: 1

Cvelist
added 2018/09/06 5:0 p.m. | 18 views

CVE-2018-1000659

LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via: an authenticated user can upload a...

AI score 9.2 | EPSS 0.03555
Exploits: 0 | References: 1

CVE
added 2018/09/06 5:0 p.m. | 54 views

CVE-2018-1000658

LimeSurvey before version 3.14.4 contains a file-upload vulnerability in the upload feature that allows code execution via a webshell. An authenticated user could upload a ZIP archive containing PHP files and trigger execution under certain conditions. The issue is fixed in version 3.14.4 (commit...

CVSS 8.8 | AI score 8.8 | EPSS 0.02137
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/09/06 5:0 p.m. | 21 views

CVE-2018-1000658

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive which can contain malicious PHP files that ca...

AI score 8.9 | EPSS 0.02137
Exploits: 0 | References: 2