Tag
#php
Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.
Auto/Taxi Stand Management System version 1.0 suffers from a php code injection vulnerability.
Art Gallery Management System version 1.0 suffers from an ignored default credential vulnerability.
This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.
Nipah Virus Testing Management System version 1.0 suffers from a php code injection vulnerability.
Medical Card Generations System version 1.0 suffers from a remote SQL injection vulnerability.
Maid Hiring Management System version 1.0 suffers from an ignored default credential vulnerability.
Emergency Ambulance Hiring Portal version 1.0 suffers from a php code injection vulnerability.
DragonRank, a Chinese-speaking hacking group, has compromised 30+ Windows servers globally. They exploit IIS vulnerabilities to manipulate SEO…
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "