| Country | Number |
|---|---|
| Singapore | 4034 |
| United States | 2629 |
| India | 1810 |
| China | 1762 |
| Russia | 531 |
| Argentina | 484 |
| Pakistan | 407 |
| France | 398 |
| Germany | 344 |
| Brazil | 301 |
| Port | Number |
|---|---|
| 80 | 25124 |
| 23 | 17031 |
| 25 | 3127 |
| 8080 | 1845 |
| 2323 | 1810 |
| 21 | 1640 |
| 110 | 1384 |
| Exploit | Exploit Information | CVE |
|---|---|---|
| TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
| An issue in Tecrail Responsive FileManager v9 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | CVE-2022-46604 |
| Responsive FileManager 9.9.5 - Remote Code Execution (RCE) | # Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (b | CVE-2022-46604 |
| File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog | File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | CVE-2022-30529 |
| Spryker Commerce OS 1 | Spryker Commerce OS 1.4.2 allows Remote Command Execution. | CVE-2022-28888 |
| Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-116970 CVE-116969 CVE-116968 CVE-116967 CVE-116966 CVE-2015-1424 CVE-2015-1423 CVE-2015-1422 |
| The Duplicator WordPress plugin before 1 | The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | CVE-2022-2551 |
| (1) boardData102 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | CVE-2016-1555 |
| A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. | CVE-2024-3721 |
| LB-LINK BL-AC1900_2 | LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | CVE-2023-26801 |
| Movable Type 7 r | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | CVE-2021-20837 |
| Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload | # Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload # Date: 01-03-2024 # Exploit Author: Shubham Pandey # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html # Version: 1.0 # Tested on: Windows, Linux # CVE : CVE-2024-27747 # Description: File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code v | CVE-2024-27747 |
| Static code injection vulnerability in setup | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | CVE-2009-1151 |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | CVE-2015-9479 |
| UniSharp laravel-filemanager (aka Laravel Filemanager) before 2 | UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0. | CVE-2022-40734 |
Last updated: September 1, 2024 | ||
If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern
industry standard components.
Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.