WordPress Zingiri Web Shop 2.5.0 Shell Upload

|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title: Wordpress Zingiri-web-shop 2.5.0 Plugin | Arbitrary File Upload Vulnerability | Version: 2.5.0 Software Link: www.zingiri.com/plugins-and-addons/web-shop/ Google Dork: inurl:"/wp-content/plugins/zingiri-web-shop/" Exploit...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in filemanager/previewtop.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the 1 pathext, 2 popup, 3 framed, or 4 file parameter...

Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...

Webmin /file/show.cgi Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...

Sciretech (Multiple Products) - Multiple SQL Injections

Sciretech Multiple Products - Multiple SQL Injections source: https://www.securityfocus.com/bid/55390/info Sciretech Multimedia Manager and Sciretech File Manager are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in a...

Sciretech 3.0.0 SQL Injection / CSRF

========================================================= Vulnerable Software: Sciretech ® Multimedia Manager Version 3.0.0 Aka: Sciretech ® File Manager Version 3.0.0 Official site: www.sciretech.com Vulnerabilities: Blind SQL Injection And CSRF Dork: Google is Best Your Friend.Isn't? Discovered...

CVE-2011-5147

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

Code injection

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

CVE-2011-5147

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

CVE-2011-5147

Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...

CVE-2011-5147

CVE-2011-5147 affects FreeWebshop 2.2.9 R2 and earlier, specifically the Ajax File Manager module (tinymce plugin). The vulnerability is a static code injection in ajax_save_name.php that lets remote attackers inject arbitrary PHP into data.php via a selected document, shown by a sequence involvi...

FCKeditor exploit summary-vulnerability warning-the black bar safety net

Fckeditor exploit summary View Editor Version FCKeditor/whatsnew.html ------------------------------------------------------------- 2. Version 2.2 version Apache+linux environments in the upload files back plus a. Breakthrough! Test passed...

WordPress ShopperPress v2.7 Cross Site Scripting / SQL Injection

Exploit for php platform in category web applications ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Details: ======== Multiple non persistent cross site scripting vulnerabilities are detected in the Shopperpress Premium Wordpress Theme and Addon v2.7. The vulnerability allows remote...

[SECURITY] [DSA 2510-1] extplorer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2510-1 [email protected] http://www.debian.org/security/ Luciano Bello July 12, 2012 http://www.debian.org/security/faq -...

WordPress Front File Manager 0.1 File Upload

File upload vulnerability in WordPress Front File Manager plugin Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

agora project 2.13.1 - Multiple Vulnerabilities

agora project 2.13.1 - Multiple Vulnerabilities Agora Project 2.13.1 Multiple Vulnerabilities Release Date Bug. 15-06-2012 Vendor Notification Date. Never Product. Agora project Affected versions. 2.13.1 and less Type. No Commercial Attack Vector. XSS, SQLi, BSQLi Solution Status. unpublished CVE...

Agora Project 2.13.1 Multiple Vulnerabilities

Exploit for php platform in category web applications Agora Project 2.13.1 Multiple Vulnerabilities Release Date Bug. 15-06-2012 Vendor Notification Date. Never Product. Agora project Affected versions. 2.13.1 and less Type. No Commercial Attack Vector. XSS, SQLi, BSQLi Solution Status. unpublish...

Agora-Project 2.12.11 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link:...

Agora-Project 2.12.11 - Arbitrary File Upload

Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link: http://sourceforge.net/projects/agora-project/files/latest/download Version: 2.12.1112-2011...

Agora-Project 2.12.11 Shell Upload

Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link: http://sourceforge.net/projects/agora-project/files/latest/download Version: 2.12.1112-2011...