| Country | Number |
|---|---|
| United States | 2196 |
| India | 1414 |
| China | 992 |
| Switzerland | 801 |
| Pakistan | 304 |
| Germany | 204 |
| France | 182 |
| Russia | 172 |
| Hong Kong | 168 |
| UK | 158 |
| Port | Number |
|---|---|
| 80 | 12360 |
| 23 | 10160 |
| 25 | 3791 |
| 8080 | 1421 |
| 21 | 1073 |
| Exploit | Exploit Information | CVE |
|---|---|---|
| TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
| /vendor/htmlawed/htmlawed/htmLawedTest | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | CVE-2022-35914 |
| A vulnerability was found in hansunCMS 1 | A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | CVE-2023-2245 |
| WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload | ###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery displ | CVE-120303 |
| Directory traversal vulnerability in help/mini | Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | CVE-2008-4718 |
| In PHP 8 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | CVE-2023-0567 |
| jQuery-File-Upload 9.22.0 - Arbitrary File Upload | # Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload # Author: Larry W. Cashdollar, @_larry0 # Date: 2018-10-09 # Vendor: https://github.com/blueimp # Download Site: https://github.com/blueimp/jQuery-File-Upload/releases # CVE-ID: N/A # Vulnerability: # The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php # doesn't require any validation to upload files to the server. It also doesn't exclude file types. # This allows for remote code execut | CVE-2018-9206 |
| msgraph-sdk-php is the Microsoft Graph Library for PHP | msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in versions 1.109.1 and 2.0.0-RC5. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php` file, remove access to the `/vendor` directory, or disable the phpinfo function. | CVE-2023-49282 |
Last updated: October 1, 2024 | ||
If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern
industry standard components.
Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.