2126 matches found
CVE-2025-41694
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...
CVE-2025-41694
PHOENIX CONTACT FL SWITCH (industrial Ethernet switch) is affected by CVE-2025-41694. A low-privileged remote attacker can trigger a webshell with an empty command containing whitespace, causing the server to block and leading to a DoS condition on the webserver. CNNVD/ENISA-ENISA-like entries s...
CVE-2025-41694 Authenticated Denial-of-Service via Webshell
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...
PT-2025-49813
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...
PHOENIX CONTACT FL SWITCH Security Vulnerability
PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT FL SWITCH versions prior to 3.50, which stems from improper handling of null commands by the webshell and could lead to a denial of service attack...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182: Exploitation Artifacts An export of a small s...
WordPress AI Buddy 1.8.5 Shell Upload
WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality. Title : AI Buddy...
CVE-2025-65806
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executabl...
Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification
Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection, i.e., distinguishing malicious...
AI Plugins 1.10.9 Shell Upload
This Metasploit module exploits unauthenticated arbitrary file upload vulnerabilities in multiple WordPress AI plugins including Cibeles AI, AI Feeds, and AI Buddy. The vulnerabilities allow attackers to upload PHP webshells via GitHub integration functionality...
Exploit for CVE-2025-13390
WP Directory Kit /dev/null echo "+ Auto-login successful"...
CVE-2025-41347
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
EUVD-2025-197979
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
CVE-2025-41347 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
CVE-2025-41347
CVE-2025-41347 affects WinPlus v24.11.27 from Informática del Este. A flaw permits uploading dangerous file types via POST to /WinplusPortal/ws/sWinplus.svc/json/uploadfile, enabling a possible webshell upload. Public records identify the root cause as an unrestricted upload vector. Remediation i...