2126 matches found
emlog Security Vulnerability
emlog is a PHP and MySQL based CMS website builder for emlog individual developers. A security vulnerability exists in emlog versions prior to v2.3.15, which stems from the presence of a Remote Code Execution (RCE) vulnerability that allows an attacker to gain system privileges by uploading a...
CVE-2024-8463
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...
CVE-2024-8463 File upload restriction bypass vulnerability in Job Portal
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...
PT-2024-39030 · Unknown · Phpgurukul Job Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Job Portal version 1.0 Description: The issue is a file upload restriction bypass vulnerability, which could allow an authenticated user to execute a Remote Code Execution (RCE) via webshell. Recommendations: For PHPGurukul Job Porta...
PHPGurukul Job Portal Code Issue Vulnerability
PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul Inc. A code issue vulnerability exists in PHPGurukul Job Portal version 1.0, which stems from the inclusion of an unrestricted file upload vulnerability. An attacker can exploit this vulnerability to conduct remote cod...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
A Dive into Earth Baku’s Latest Campaign
Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Chamilo LMS Unauthenticated RCE PoC This is a script written...
CVE-2024-40645 FOG Authenticated File Upload RCE
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120...
PT-2024-28963 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41 Description: The issue is related to an improperly restricted file upload feature in FOG, a cloning/imaging/rescue suite/inventory management system. This allows authenticated users to execute arbitrary code on...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Chamilo LMS Unauthenticated Big Upload File RCE PoC This is a...
Exploit for CVE-2024-33883
CVE-2024-33883 [email protected], Insufficient Prototype Pollutio...
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...
ShellSweep - PowerShell/Python/Lua Tool Designed To Detect Potential Webshell Files In A Specified Directory
ShellSweep ShellSweeping the evil Why ShellSweep "ShellSweep" is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSweep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a file being a webshell. High...
Exploit for Code Injection in Vmware Spring_Framework
SpringFrameworkCVE-2022-22965RCE SpringFramework Remote Code Execution Vulnerability CVE...
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...