CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2018/04/27 12:0 a.m.•1 views

Cloudcms v1.5.9.0 File Upload Vulnerability

Cloudcms is a backend content management system for enterprise websites. There is a file upload vulnerability in cloudcms v1.5.9.0, which allows attackers to obtain a webshell by uploading a php file...

6.9AI score

CNVD•added 2018/04/25 12:0 a.m.•1 views

Arbitrary File Write Vulnerability in phpComasy CMS System

phpComasy CMS is a foreign open source content management system, with simple and fast, scalable, is the ideal system for small and medium-sized websites. phpComasy CMS system suffers from an arbitrary file write vulnerability. An attacker can exploit the vulnerability to write a malicious file a...

7AI score

CNVD•added 2018/04/20 12:0 a.m.•4 views

AXIS M1033-W Code Execution Vulnerability

AXIS M1033-W is a network camera product from Axis Sweden. A code execution vulnerability exists in the AXIS M1033-W version 5.40.5.1, which originates from an uploaded web page that fails to verify the file type. A remote attacker can exploit this vulnerability to upload a webshell and execute...

7.6CVSS8AI score0.03218EPSS

CNVD•added 2018/04/20 12:0 a.m.•3 views

AXIS M1033-W Code Execution Vulnerability (CNVD-2018-09671)

AXIS P1354 is a network camera product from Axis Sweden. AXIS P1354 with firmware version 5.90.1.1 has a security vulnerability that originates from uploading a web page without checking the file type. A remote attacker can exploit this vulnerability to upload a webshell and execute code...

7.6CVSS7.3AI score0.03944EPSS

CNVD•added 2018/04/11 12:0 a.m.•2 views

Code Execution Vulnerability in vlcms v1.2.0

vlcms is a management system based on Thinkphp framework to solve the promotion of handicraft. A code execution vulnerability exists in vlcms v1.2.0. The vulnerability is due to modify the site settings, the parameter values into the cache file process fails to filter due to the attacker can use...

7.5AI score

CNVD•added 2018/04/11 12:0 a.m.•2 views

MobileCms v1.2 Arbitrary File Upload Vulnerability

MobileCms is a ThinkPhp framework based on the development of background content management system , provides for Android Iphone Phonegap windowsPhone call api interface , developers only need to make simple changes , you can provide interface data for mobile devices . MobileCms v1.2 there are...

7.1AI score

CNVD•added 2018/04/09 12:0 a.m.•2 views

Code Execution Vulnerability in Gxlcms News System DataAction.class.php

Gxlcms News System is a news cms content management system developed in php+mysql. A code execution vulnerability exists in DataAction.class.php of Gxlcms News System. An attacker can exploit the vulnerability to obtain a webshell...

7.5AI score

CNVD•added 2018/04/02 12:0 a.m.•1 views

File Upload Vulnerability in CLTPHP "System Settings in the Backend of the Site"

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. A file upload vulnerability exists in the "System Settings in the backend of the website" of CLTPHP. The vulnerability allows attackers to upload webshell and gain server privileges...

7.1AI score

OSV•added 2018/04/01 6:29 p.m.•2 views

CVE-2018-9157

An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude...

7.5CVSS6.3AI score0.03218EPSS

NVD•added 2018/04/01 6:29 p.m.•16 views

CVE-2018-9157

7.6CVSS8.1AI score0.03218EPSS

ATTACKERKB•added 2018/04/01 6:29 p.m.•4 views

CVE-2018-9157

7.6CVSS5.5AI score0.03218EPSS

Exploits0References2

Prion•added 2018/04/01 6:29 p.m.•16 views

Cross site request forgery (csrf)

DISPUTED An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...

7.6CVSS8.1AI score0.03218EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2018/04/01 6:29 p.m.•3 views

CVE-2018-9156

An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude modul...

7.6CVSS5.5AI score0.03944EPSS

Exploits1References2

OSV•added 2018/04/01 6:29 p.m.•7 views

CVE-2018-9156

7.5CVSS6.3AI score0.03944EPSS

NVD•added 2018/04/01 6:29 p.m.•18 views

CVE-2018-9156

7.6CVSS8.1AI score0.03944EPSS

Prion•added 2018/04/01 6:29 p.m.•22 views

Cross site request forgery (csrf)

DISPUTED An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server...

7.6CVSS8.1AI score0.03944EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/04/01 6:0 p.m.•18 views

CVE-2018-9156

8.1AI score0.03944EPSS

CVE•added 2018/04/01 6:0 p.m.•49 views

CVE-2018-9157

AXIS M1033-W IP camera, firmware 5.40.5.1 , is affected by CVE-2018-9157. The issue allows uploading a crafted .shtml webshell via the fileUpload.shtml endpoint, which is interpreted by Apache HTTP Server’s mod_include and can execute system commands. After successful upload, an attacker can perf...

7.6CVSS8.1AI score0.03218EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/04/01 6:0 p.m.•18 views

CVE-2018-9157

8.1AI score0.03218EPSS