Scan for vulnerabilities

Component Type

Check item

74CMS

Multiple SQL injection vulnerabilities in 74CMS

Privilege escalation vulnerability in 74CMS

SQL injection vulnerability in 74CMS

Arbitrary file deletion vulnerability in 74CMS v4.1.15

Arbitrary file read vulnerability in the latest version of 74CMS

DedeCMS

Variable overwrite vulnerability in DedeCMS

Arbitrary file upload vulnerability in DedeCMS

Reinstallation vulnerability in DedeCMS

Injection vulnerability in DedeCMS

File upload vulnerability in DedeCMS

Password resetting vulnerability in DedeCMS

Vulnerability of arbitrary user logon from the frontend caused by cookie leaks in DedeCMS

SQL injection vulnerability caused by session variable overwriting in DedeCMS

Vulnerability of arbitrary file upload at the backend in DedeCMS

SQL injection vulnerability in DedeCMS

Template SQL injection vulnerability in DedeCMS

SQL injection vulnerability caused by cookie leaks in DedeCMS

Payment plug-in injection vulnerability in DedeCMS

Arbitrary file deletion by registered users in DedeCMS V5.7

CSRF protection bypass vulnerability in DedeCMS V5.7

Arbitrary file upload by common users in DedeCMS select_soft_post.php

Arbitrary file upload vulnerability in DedeCMS V5.7 SP2 (CVE-2019-8362)

Discuz

Code execution vulnerability in Discuz!

MemCache + ssrf permission acquisition vulnerability (GetShell) in Discuz!

Backend SQL injection vulnerability in Discuz!

Arbitrary attachment download caused by privilege escalation vulnerabilities in Discuz!

Arbitrary file deletion vulnerability in Discuz!

Encrypted message forgery vulnerability caused by authcode function defects in Discuz!

Command execution vulnerability in the backend database backup feature of Discuz!

ECShop

Code injection vulnerability in ECShop

Password retrieval vulnerability in ECShop

Injection vulnerability in ECShop

ECShop backdoor

Arbitrary user logon vulnerability in ECShop

Backend SQL injection vulnerability in ECShop

SQL injection vulnerability in ECShop

Vulnerability of overwriting variables in the ECShop installation directory at the backend

Code execution caused by SQL injection vulnerabilities in ECShop

Secondary injection vulnerability in ECShop

Backend permission acquisition vulnerability in ECShop (GetShell)

Backend file download vulnerability in ECShop 2.7.3

FCKEditor

Arbitrary file upload vulnerability in FCKeditor

Joomla

Remote code execution (RCE) vulnerability caused by malformed deserialized packet injection in Joomla!

Unauthorized user creation vulnerability in Joomla! (CVE-2016-8870)

Core SQL injection vulnerability in Joomla! 3.7.0

SQL injection vulnerability in Joomla!

PHPCMS

Injection vulnerability in PHPCMS

AuthKey leak vulnerability in PHPCMS

Wide byte injection vulnerability in PHPCMS v9

Arbitrary file read vulnerability caused by frontend code injection in PHPCMS

Permission acquisition vulnerability caused by specific logic issues in PHPCMS (GetShell)

AuthKey leak caused by AuthKey generation algorithm issues in PHPCMS

SQL injection vulnerability in PHPCMS v9.6.2

common.inc RCE vulnerability in PHPCMS 2008

RCE vulnerability in template cache of PHPCMS 2008

phpMyAdmin

Deserialized injection vulnerability in phpMyAdmin

CVE-2016-6617 SQL injection vulnerability in phpMyAdmin

Permission acquisition vulnerability caused by checkPageValidity function defects in phpMyAdmin version 4.8.1 and earlier (GetShell)

phpMyAdmin 4.8.5

phpwind

GET request CSRF vulnerability in PHPWind v9 task center

Permission acquisition vulnerability caused by MD5 padding vulnerabilities in PHPWind v9 (GetShell)

Backend SQL injection vulnerability in PHPWind

Cross-site scripting (XSS) injection into UBB tag attributes in PHPWind

ThinkPHP5

Medium-risk permission acquisition vulnerability caused by cache function design flaws in ThinkPHP 5.0.10-3.2.3 (GetShell)

High-risk RCE vulnerability in ThinkPHP 5.0

RCE vulnerability in ThinkPHP 5.1.X to 5.1.30 (included)

High-risk Request.php RCE vulnerability in versions earlier than ThinkPHP 5.0.24

WordPress

Arbitrary file upload vulnerability in WordPress

IP address verification vulnerability in WordPress

WP_Image_Editor_Imagick instruction injection vulnerability in WordPress

XSS vulnerability in the bbPress plug-in of WordPress

Mailpress RCE vulnerability in WordPress

DOS vulnerability caused by arbitrary directory traversal in the backend plug-in update module of WordPress

SQL injection vulnerability caused by arbitrary user logon to the backend plug-in of WordPress

Username enumeration vulnerability in versions earlier than WordPress 4.7.1 (CVE-2017-5487)

SQL injection vulnerability in WordPress

XSS vulnerability in WordPress

Content injection vulnerability in WordPress

RCE vulnerabilities caused by the sitename field in WordPress Mail

SQL injection vulnerability in the Catalogue plug-in of WordPress

Arbitrary file deletion vulnerability in WordPress

Permission acquisition vulnerability caused by multiple defects, such as Author permission path traversal in WordPress (GetShell)

Vulnerability type

Check item

Weak passwords in system services

OpenSSH services

MySQL database services

Microsoft SQL Server (MSSQL) database services

MongoDB database services

FTP, VSFTP, and ProFTPD services

Memcache cache services

Redis caching services

Subversion control services

Server Message Block (SMB) file sharing services

Simple Mail Transfer Protocol (SMTP) email delivery services

Post Office Protocol 3 (POP3) email reception services

Internet Message Access Protocol (IMAP) email management services

Vulnerabilities in system services

OpenSSL heartbleed vulnerabilities

SMB

• Samba

• Brute-force attacks against weak passwords

RSYNC

• Anonymous access to sensitive data

• Brute-force attacks against password-based authentication

Brute-force attacks against Virtual Network Console (VNC) passwords

Brute-force attacks against pcAnywhere passwords

Brute-force attacks against Redis passwords

Vulnerabilities in application services

phpMyAdmin weak passwords

Tomcat console weak passwords

Apache Struts 2 remote command execution vulnerabilities

Apache Struts 2 remote command execution vulnerability (S2-046)

Apache Struts 2 remote command execution vulnerability (S2-057)

Arbitrary file uploads in ActiveMQ (CVE-2016-3088)

Arbitrary file reads in Confluence

CouchDB Query Server remote command execution

Brute-force attacks against administrator weak passwords in Discuz!

Unauthorized access to Docker

Remote code execution in Drupal Drupalgeddon 2 (CVE-2018-7600)

ECshop code execution vulnerabilities in logon endpoints

Unauthorized access to Elasticsearch

Elasticsearch MvelRCE CVE-2014-31

Elasticsearch Groovy RCE CVE-2015-1427

Expression Language (EL) Injection in Weaver OA

Unauthorized access to Hadoop YARN ResourceManager

Path traversal in JavaServer Faces 2

Java deserialization in JBoss EJBInvokerServlet

Anonymous access to Jenkins Manage (CVE-2018-1999001 and CVE-2018-1999002)

Unauthorized access to Jenkins

Jenkins Script Security Plugin RCE

Unauthorized access to Kubernetes

SQL injection vulnerabilities in the MetInfo getPassword interface

SQL injection vulnerabilities in the MetInfo logon interface

Arbitrary file uploads in PHPCMS 9.6

PHP-CGI remote code execution vulnerabilities

Actuator unauth RCE

ThinkPHP_RCE_20190111

Server-side request forgery (SSRF) in WebLogic UDDI Explorer

SSRF in WordPress xmlrpc.php

Brute-force attacks against the Zabbix web console

OpenSSL heartbleed detection

Unauthorized access to the WEB-INF directory in Apache Tomcat