80 matches found
EUVD-2018-20414
Malware in sbrugna...
EUVD-2018-4975
Malware in sbrugna...
EUVD-2018-3052
Malware in sbrugna...
EUVD-2018-11097
Malware in sbrugna...
EUVD-2018-20371
Malware in sbrugna...
CVE-2018-13025
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...
Command Execution Vulnerability in YXcms
YXcms is a PHP and MySQL based enterprise building content management system CMS. A command execution vulnerability exists in YXcms. An attacker can exploit this vulnerability to gain server privileges...
YXcms has a directory traversal vulnerability
YXcms is a PHP and MySQL based enterprise building content management system CMS. A directory traversal vulnerability exists in YXcms. An exploiter can use this vulnerability to traverse files on the server to obtain sensitive information...
YXcms background there are arbitrary file deletion vulnerability
YXcms is a PHP and MySQL based enterprise building content management system CMS. An arbitrary file deletion vulnerability exists in the YXcms backend. An attacker can exploit the vulnerability to delete arbitrary files read into the directory...
Multiple Vulnerabilities in YXCMS Backend
Yxcms is an enterprise building system based on PHP and mysql technology. YXCMS backend there are disk directory traversal, disk arbitrary file deletion, code execution, arbitrary file upload vulnerability, attackers can use the vulnerability to obtain sensitive information, arbitrary deletion of...
Code injection
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...
CVE-2018-19404
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...
YXcms Arbitrary PHP Code Execution Vulnerability
YXcms is a PHP and MySQL based enterprise building content management system CMS. A security vulnerability exists in the protected/apps/appmanage/controller/indexController.php file in YXcms version 1.4.7. A remote attacker can exploit this vulnerability to execute arbitrary PHP code via a ZIP...
CVE-2018-19404
In YXcms 1.4.7, the vulnerability resides in protected/apps/appmanage/controller/indexController.php. Remote authenticated Administrators can trigger arbitrary PHP code execution by creating a ZIP archive containing a config.php file, hosting the ZIP at an external URL, and accessing index.php?r=...
CVE-2018-19404
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...
Yxcms Arbitrary File Deletion Vulnerability
YXcms is a PHP and MySQL based enterprise building content management system CMS. An arbitrary file deletion vulnerability exists in protected/apps/admin/controller/photoController.php in YXcms 1.4.7. A remote attacker can exploit this vulnerability by sending the 'picname' parameter via...
Code injection
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...
CVE-2018-13025
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...
CVE-2018-13025
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...
CVE-2018-13025
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...