CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

Summary (CVE-2018-16763) : Fuel CMS version 1.4.1 is vulnerable to a pre-auth Remote Code Execution via PHP code evaluation. The flaw is triggered through unsafe handling of user-controlled data in the pages/select/ filter parameter or the preview/ data parameter, allowing arbitrary PHP execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. Recent assessments: noraj at May 08, 2021 7:33pm UTC reported: Unauthenticated RCE with default config, this is critical. Assessed...

PT-2018-13726 · Fuel Cms · Fuel Cms

Name of the Vulnerable Software and Affected Versions: FUEL CMS version 1.4.1 Description: The issue allows for PHP code evaluation, potentially leading to pre-authentication remote code execution. This can be achieved via the filter parameter in the "pages/select/" endpoint or the data parameter...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by QRadar SIEM. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If you run your own Java code using t...

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested...

Dolibarr ERP/CRM &lt; 7.0.3 - PHP Code Injection

Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested on: Unix, Windows Technical Details...

Dolibarr ERPCRM 7.0.3 - PHP Code Injection

Dolibarr ERPCRM 7.0.3 - PHP Code Injection Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3...

Dolibarr ERP CRM 7.0.3 Code Injection

Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested on: Unix, Windows Technical Details...

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

Remote code execution

DISPUTED Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor ha...

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

eFront 3.6.15: Steal your professors password

RIPS Analysis Our SAST tool RIPS analyzed the whole application in only 1m 32s and uncovered many severe security issues. Most of them are straight-forward SQL Injections that can be used to extract confidential user data, such as passwords, private messages, course results, and personal...

tplmap - Automatic Server-Side Template Injection Detection and Exploitation Tool

Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injecti...

PHPMoAdmin 1.1.2 Remote Code Execution Exploit

This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4...

NETGEAR ReadyNAS Perl Code Evaluation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient def initializein...

Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval() Perl Code Evaluation RCE

No description provided by source. Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnteval Perl Code Evaluation RCE pre auth/SYSTEM Tested against: Microsoft Windows 2003 r2 sp2 download url: http://download.novell.com/index.jsp search Privileged User Manager file tested:...

Netgear ReadyNAS - Perl Code Evaluation (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'NETGEAR ReadyNAS Perl Code Evaluation', 'Description' = %q This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and...