8 matches found
Duomi (DuomiCms) Movie Management System X3.0 version of the existing code execution vulnerabilities
Duomi DuomiCms Movie and TV management system is a set of video on demand system designed for different needs of webmasters. Duomi DuomiCms Movie and TV Management System X3.0 version of the code execution vulnerability, an attacker can exploit the vulnerability to execute arbitrary code...
SQL injection vulnerability in DuomiCms X3.0 background admin_collect.php page
DuomiCms is a video-on-demand system designed for film and television station owners. There is a SQL injection vulnerability in the admincollect.php page of DuomiCms X3.0 backend. An attacker can exploit the vulnerability to obtain sensitive database information...
Code execution vulnerability in DuomiCms x3.0 (CNVD-2018-03672)
DuomiCms is a video-on-demand system designed for film and television station owners. A code execution vulnerability exists in the admin/adminweixin.php file in DuomiCms x3.0 due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to obtain a...
discuz! x3.0 /static/image/common/flvplayer.swf 跨站脚本漏洞
No description provided by source...
discuz! x3.0 /static/image/common/focus.swf 跨站脚本漏洞
No description provided by source...
discuz! x3.0 /static/image/common/mp3player.swf 跨站脚本漏洞
No description provided by source...
Discuz X3.0存储型XSS(应该是通杀)
简要描述: 过滤的不严格 详细说明: DZ3的日志功能,tamper data抓包并修改可插入恶意xss代码。 有效payload如下: 我还在那个什么叫习科的论坛上测试了一下,他们应该是dz2.5 也成功了。 在个人空间发布日志,利用方法和上面的一样。 漏洞证明: 第一张是dz3的最新版 我下了个GBK version: 第二张是习科的...
dz3. 0/2. 5 Background to get shell-vulnerability warning-the black bar safety net
To work seen after the tick community has released a discuz x3 the background to get the shell method, then t00ls members also tested discuz x2. 5 the background to get the shell method. A good ass is I tested didn't, caught the packet and the given case is not the same now! After the study found...