265 matches found
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...
Wordpress Pie Register Plugin 2.0.13 - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Pie Register 2.0.13 Privilege escalation Date: 16-10-2014 Software Link: https://wordpress.org/plugins/pie-register/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE:...
WordPress Plugin Pie Register 2.0.13 - Privilege Escalation
Exploit Title: Pie Register 2.0.13 Privilege escalation Date: 16-10-2014 Software Link: https://wordpress.org/plugins/pie-register/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-8802 Category: webapps 1. Description Anyone...
[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.5-1.fc16
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Asterisk Trixbox CE Cross Site Scripting
The asterisk phonebook module found in trixbox CE is vulnerable to an xss which can be triggered by importing a contact from a csv file like this: "/alertdocument.cookie;";123123123;12313 FATAL ERROR url is $ip/admin/config.php?type=tool&display=phonebook So an import of a csv file which may...