| Country | Number |
|---|---|
| United States | 4158 |
| Czechia | 2578 |
| Netherlands | 1552 |
| Austria | 1265 |
| China | 1256 |
| India | 1138 |
| Ukraine | 914 |
| Germany | 824 |
| UK | 599 |
| Russia | 549 |
| Port | Number |
|---|---|
| 80 | 30973 |
| 23 | 11412 |
| 25 | 4134 |
| 8080 | 2843 |
| 21 | 1524 |
| 110 | 1319 |
| 2323 | 1180 |
| Exploit | Exploit Information | CVE |
|---|---|---|
| TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
| Util/PHP/eval-stdin | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | CVE-2017-9841 |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | CVE-2024-3272 |
| Roxy Fileman 1 | Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | CVE-2018-20526 |
| vendor/elfinder/php/connector | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVE-2020-35235 |
| elFinder before 2 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | CVE-2019-9194 |
| b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection | [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/ Product: ============================================== b374k versions 3.2.3 and 2.8 b374k is a PHP Webshell with many features such as: File manager (view, edit, rename, delete, uploa | CVE-130253 |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | CVE-2024-3273 |
| In PHP versions 8 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | CVE-2024-4577 |
| Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal | ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525, CVE-2018-20526 Found: 2018-12-07 Tested on: PHP 7.0, Ubuntu 16.04 LTS Author: Pongtorn Angsuchotmetee, Vittawat Masaree SnoopBees Lab https://www.snoopbees.com ================================================== | CVE-2018-20526 CVE-2018-20525 |
| SQL injection vulnerability in the formulaireRobot function in admin/robots | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | CVE-2014-9348 |
| An arbitrary file upload vulnerability was discovered in MCMS 5 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | CVE-2022-30506 |
| Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-116970 CVE-116969 CVE-116968 CVE-116967 CVE-116966 CVE-2015-1424 CVE-2015-1423 CVE-2015-1422 |
| In PuTTY 0 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. | CVE-2024-31497 |
| MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | CVE-2023-50917 |
| Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation | Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value. | CVE-2013-4702 |
| NexusQA NexusDB before 4 | NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | CVE-2020-24571 |
| PHP Melody 1.5.3 - Arbitrary File Upload Injection | --------------------------------------------------- PHP Melody 1.5.3 remote injection upload file --------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Group : LatinHackTeam [+] Vulnerability : SQL injection ################################################### ---------info Cms---------------- name : PHP Melody version 1.5.2 email : suppo | CVE-56581 |
| QNAP QTS before 4 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | CVE-2017-6361 |
| Roxy Fileman 1.4.5 - Directory Traversal | # Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal # Author: Patrik Lantz # Date: 2019-12-06 # Software: Roxy Fileman # Version: 1.4.5 # Vendor Homepage: http://www.roxyfileman.com/ # Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net # CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and Microsoft-IIS 10.0, Windows 10 Pro Build 17134 (using custom account as application pool identity for the IIS worker process). =========================== Description ================ | CVE-2019-19731 |
| sapi/cgi/cgi_main | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | CVE-2012-1823 |
| SeedDMS versions < 5.1.11 - Remote Command Execution | # Exploit Title: [Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11] # Google Dork: [NA] # Date: [20-June-2019] # Exploit Author: [Nimit Jain](https://www.linkedin.com/in/nimitiitk)(https://secfolks.blogspot.com) # Vendor Homepage: [https://www.seeddms.org] # Software Link: [https://sourceforge.net/projects/seeddms/files/] # Version: [SeedDMS versions <5.1.11] (REQUIRED) # Tested on: [NA] # CVE : [CVE-2019-12744] Exploit Steps: Step 1: Login to the applicatio | CVE-2019-12744 |
| Spring Framework, versions 5 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | CVE-2018-1271 |
| The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core | The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. | CVE-2021-27905 |
| Zeroshell 3 | Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. | CVE-2019-12725 |
Last updated: July 1, 2024 | ||
If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern
industry standard components.
Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.