Two Arbitrary File Upload Vulnerabilities Exist in the Backend of Bunker Buster Machine

Bunker Fortress is the industry's first software form of the Fortress, providing a centralized authentication, centralized access authorization, centralized access management, centralized operation audit and a single point of simplified operation and management required for remote operations and...

ThinkPHP Cache Functions Have Design Flaw Vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is due to ThinkPHP in the use of cache data serialization, stored in the php file caused...

SQL Injection and Arbitrary Traversal Download Vulnerabilities in Zhejiang Dahua Intelligent Operation and Maintenance Management System

Zhejiang Dahua Intelligent Operation and Maintenance Platform, based on the field of video surveillance in the security industry, adopts the technologies of intelligent analysis, fault detection and workflow engine, integrates the functions of video quality diagnosis, video recording checking and...

Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function

JEECMS is a JEECMSv8.1 version is a collection of PC Internet, mobile Internet and WeChat website in one of the website group management system. JeeCMS v8.1 template management function exists file write, arbitrary file naming, arbitrary file creation vulnerability. An attacker can exploit the...

SQL Injection Vulnerability in PHPSHE B2C Mall System v1.5

PHPSHE mall system is a combination of product display, online shopping, order management, payment management, article management, customer consultation and feedback and other functions, and provides easy operation, practical features, quickly allow users to establish a personalized online store,...

Code execution vulnerability in ThinkerCMS InputController.class.php

ThinkerPHP is based on thinkphp3.2 development of a rapid development system, which has excellent user experience, efficient development efficiency, simple and easy to get started, etc. ThinkerCMS is ThinkerPHP's content management system dedicated to small websites. A code execution vulnerabilit...

ourphp ourphp_filebox.php write any file vulnerability in frontend

OURPHP is a PHP+MySQL based development of W3C standard building system. ourphp v1.7.3 ourphpfilebox.php exists a write arbitrary file vulnerability in the frontend, due to the program fails to effectively examine the data submitted by visitors. Attackers use the vulnerability by writing Trojan...

File upload vulnerability in the latest version of metinfo

metinfo cms is an enterprise website management system with PHP Mysql architecture. A file upload vulnerability exists in metinfo cms due to the system not effectively filtering the depth variable. An attacker can use this vulnerability to bypass the include file and upload a webshell to gain...

File Upload Vulnerability in FeiWa B2B2C Mall System

FeiWa B2B2C mall system is an enterprise-level B2B2C e-commerce platform system. A file upload vulnerability exists in FeiWa B2B2C Mall System. An attacker can exploit the vulnerability to parse a webshell in image format...

St2-045 Remote Command Execution Vulnerability in Dieppe UMC Unified Management Center

As a unified management platform of DIPPER Technology, UMC carries out componentized management for the whole series of DIPPER products. Each type of product can be added to the platform in the form of components, and each component can be deeply and intelligently related to each other, so as to...

Arbitrary File Write Vulnerability in Wolf CMS 0.8.3.1 Backend

Wolf CMS is a lightweight CMS program written in PHP. The latest version of Wolf CMS, version 0.8.3.1, has an arbitrary file write vulnerability in the backend, which can be exploited to create files with arbitrary suffixes and write arbitrary content. An attacker can use this vulnerability to...

NIUSHOP open source mall system front '/Components.php' page there are arbitrary file upload vulnerabilities

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a set of PHP open source e-commerce system . NIUSHOP open source mall system front '/Components.php' page there are arbitrary file upload vulnerability...

NIUSHOP open source mall system front '/member.php' page there are arbitrary file upload vulnerabilities

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a PHP open source e-commerce system . NIUSHOP open source mall system front '/member.php' page there are arbitrary file upload vulnerability . As the...

Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

File Upload Vulnerability in Ctrip CMS (XerCMS) at Member Avatar Upload

Ctrip CMS XerCMS is a content management system based on php+mysql, integrating membership, community, guestbook, news and model management. XerCMS has a file upload vulnerability at the member avatar upload. Since the program uses a blacklist filtering mechanism for the filename suffix of the...

massExpConsole - Collection of Tools and Exploits with a CLI UI

Collection of Tools and Exploits with a CLI UI What does it do? an easy-to-use user interface cli execute any adapted exploit with process-level concurrency crawler for baidu and zoomeye a simple webshell manager some built-in exploits automated more to come... Requirements GNU/Linux or MacOS, WS...

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

Arbitrary File Upload Vulnerability in 'ExamFileUp.ashx' File of MicroXia Online Learning Platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the 'ExamFileUp.ashx' file of MicroXia Online Learning Platform. It allows attackers to upload webshell and gain server privileges...

Arbitrary file upload vulnerability in the action/fileUpload.asp file of the Access Specialist management system

Despatch Access Specialist Management System is a CATI software that integrates telephone access, call center, and web survey into one; a CATI software that provides hosted services with "Cloud Computing" and "SaaS Model". An arbitrary file upload vulnerability exists in the action/fileUpload.asp...

Novell iManager and NetIQ iManager File Upload Vulnerability

Novell iManager is a WEB-based application from Novell, Inc. that allows you to use wireless devices to manage and configure Novell eDirectory objects.NetIQ iManager is a WEB-based application from NetIQ, Inc. that allows you to use wireless devices to manage and configure eDirectory objects. A...