UK Port Scans Report March, 2024

UK port scans by country

Country | Number of scans
United States | 2861
China | 1772
India | 460
Russia | 386
UK | 308
Taiwan | 285
Germany | 276
Netherlands | 261
Singapore | 260
Japan | 225

UK scans by port number

Port | Number of scans
80 | 13495
23 | 9373
25 | 3370
21 | 1963
8080 | 1803
2323 | 1002
110 | 970

UK Scans by Day Of Week

UK Scans by Hour Of Day

The above data was collected by our 'honey-pot' servers, which accept requests on popularly scanned ports and online services used by potential hackers and cyber criminals. On average our UK-based listeners record 60,000 port scans per month. The data is for requests to UK-based servers up to April 1, 2024.
Report updated: April 23, 2024

UK Cyber Exploit Scans March, 2024

Below is a table of just some of the HTTP requests made by potential hackers to exploit web service vulnerabilities in the UK, captured by Funnelweb.tech up to April 1, 2024. Funnelweb is our proprietary UK-based cyber security exploit listener and IP address capturing system.

Exploit | Exploit Information | CVE
TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) | # Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) # Date: 2022/01/30 # Exploit Author: souzo # Vendor Homepage: phpunit.de # Version: 4.8.28 # Tested on: Unit # CVE : CVE-2017-9841 import requests from sys import argv phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin. | CVE-2017-9841
vendor/elfinder/php/connector | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVE-2020-35235
elFinder before 2 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | CVE-2019-9194
Responsive FileManager < 9.13.4 - Directory Traversal | The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com #1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 (Windows | CVE-2018-15536
Joomla! 1 | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | CVE-2015-8562
An issue in Tecrail Responsive FileManager v9 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | CVE-2022-46604
Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-2022-30529
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload | <?php /* OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Desc: The vulnerability is caused due to the improper verification of uploaded files in '/library/openflashchart/php-ofc-library/ofc_upload_image.ph | CVE-90222, CVE-2011-4275, CVE-2009-4140, CVE-59051
Responsive FileManager 9.9.5 - Remote Code Execution (RCE) | # Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (b | CVE-2022-46604
A cross-site scripting (XSS) vulnerability in upload | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | CVE-2019-14315
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | CVE-2022-30525
A reflected XSS issue exists in the Management Console of several WSO2 products | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | CVE-2022-29548
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later | CVE-2022-27593
An issue was discovered in Chadha PHPKB 9 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. | CVE-2020-11579
An issue was discovered in Joomla! 4 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | CVE-2023-23752
C99Shell (Web Shell) - 'c99.php' Authentication Bypass | # Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit Author: mandatory ( Matthew Bryant ) # Vendor Homepage: http://ccteam.ru/ # Software Link: https://www.google.com/ # Version: < 1.00 beta # Tested on:Linux # CVE: N/A All C99.php shells are backdoored. To bypass authentication add "?c99shcook[login]=0" to the URL. e.g. http://127.0.0.1/c99.php?c99shcook[login]=0 The backdoor: @extract($_REQUEST["c99shcook"]); Which byp | CVE-108979
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) | # Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability # Date: 2018-11-11 # Exploit Author: Ameer Pornillos # Website: http://ethicalhackers.club # Vendor Homepage: http://www.clippercms.com/ # Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3 # Version: 1.3.3 # Tested on: Windows 10 x64 (XAMPP, Firefox) # CVE : CVE-2018-19135 * Description: ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload which is being used by default. This | CVE-2018-19135
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities | source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. http://www.example.co | CVE-2005-3285, CVE-20032
D-Link DNS-320 FW v2 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | CVE-2020-25506
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection | # Exploit Title: joomla component com_civicrm remode code injection exploit # Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart" # Date: 20/04/2013 # Exploit Author: iskorpitx # Vendor Homepage: http://civicrm.org # Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422 # Version: [civicrm 4.2.2] # Tested on: Win8 Pro x64 # CVE : http://www.securityweb.org <?php # Joomla component com_civicrm OpenFlashCart ofc_upload_image.p | CVE-2011-4275, CVE-59051, CVE-2009-4140
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. | CVE-2013-5223
TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities | #Title: TP-LINK Model No. TL-WR340G/TL-WR340GD - Multiple Vulnerabilities #Date: 01.07.14 #Vendor: TP-LINK #Affected versions: TL-WR340G/TL-WR340GD #Tested on: Firmware Version - 4.3.7 Build 090901 Rel.61899n, Hardware Version - WR340G v5 081520C2 [at] Linux #Contact: smash [at] devilteam.pl Persistent Cross Site Scripting vulnerabilities exists because of poor parameters filtration. Our value is stored in javascript array, since it's not correctly verified nor filtered, it is able to inject j | CVE-111720, CVE-111712, CVE-111711, CVE-111708, CVE-111707, CVE-111706, CVE-111705, CVE-111704, CVE-111703, CVE-100357, CVE-100355
Unrestricted file upload vulnerability in ofc_upload_image | Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/. | CVE-2009-4140

Last updated: April 23, 2024
