SukaraLin

4 exploits Active since Jun 2018
CVE-2019-2890 NOMISEC HIGH WORKING POC
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 - Authenticated Remote Code Execution via T3
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
44 stars
CVSS 7.2
CVE-2018-12045 WRITEUP CRITICAL WRITEUP
dedecms <= V5.7SP2 - Arbitrary File Upload via upfile1 Parameter
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
CVSS 9.8
CVE-2018-12046 WRITEUP HIGH WRITEUP
DedeCMS <= 5.7SP2 - Arbitrary File Write via file_manage_control.php
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
CVSS 7.5
CVE-2018-12492 WRITEUP HIGH WRITEUP
PHPOK 4.9.032 - Arbitrary File Deletion via delfile_f Function
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
CVSS 7.5