1464 matches found
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/53931/info WordPress Contus Video Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload...
WordPress HTML5 AV Manager Plugin 'custom.php' Arbitrary File Upload Vulnerability
WordPress HTML5 AV Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload
WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload Description : Wordpress Plugins - WP-Property - WordPress Powered Real Estate and Property Management Shell Upload Vulnerability Version : 1.35.0 Link : http://wordpress.org/extend/plugins/wp-property/ Plugins :...
PHP Volunteer Management System v1.0.2 Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "PHP Volunteer...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
Oracle Web Logic Node Manager UNC Path Remote File Execution
Oracle Web Logic Node Manager UNC Path Remote File Execution Posted by admin on 2012/03/16 Keep running into old Web Logic installations which have the file traversal http://www.securityfocus.com/bid/37926/info and UNC path remote command execution...
TechArabia TA.CMS LFI/SQLi Vulnerability
TechArabia TA.CMS is prone to multiple local file include (LFI) and SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow (CVE-2007-3605)
A file execution vulnerability has been reported in EnjoySAP SAP GUI. The vulnerability is due to a boundary error in EnjoySAP while handling a certain method. A remote attacker may exploit this vulnerability by enticing an unsuspecting user to open a malicious link. Successful exploitation of th...
7T Interactive Graphical SCADA System Arbitrary File Execution (CVE-2011-1566)
A file execution vulnerability has been reported in 7T Interactive Graphical SCADA System (IGSS). 7-Technologies' IGSS is a Supervisory Control and Data Acquisition (SCADA) system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to execute...
CVE-2011-2643
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter...
IF-CMS 2.07 - Local File Inclusion (Metasploit) (2)
IF-CMS 2.07 - Local File Inclusion Metasploit 2 $Id: if-cms.rb 2011-03-15 20:28:10 tecr0c $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
CVE-2011-1684
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file...
MeshCMS v3.5 Remote Code Execution Exploit
Exploit for jsp platform in category web applications !/usr/bin/python MeshCMS v3.5 remote code execution exploit Environment: Tomcat 7.02/ubuntu 10.04 1 details: There is an add member/editor/admin CSRF vulnerability in this CMS which is very clean for an attacker. The admin will not be told a us...
EUR Form Client Arbitrary File Execution Vulnerability
Overview: EUR Form Client has an arbitrary file execution vulnerability. Impact: A remote attacker could execute an arbitrary file on the affected system. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
KLA10305 ACE vulnerabilities in RealPage Module Upload
A buffer overflow was found in RealPlayer. By exploiting this vulnerability malicious users can execute arbitrary files. This vulnerability can be exploited remotely via a specially designed MP4 file.
freeciv unauthorized access
It's possible to access files and execute commands via scenario...
Microsoft Outlook - 'ATTACH_BY_REF_ONLY' File Execution (MS10-045) (Metasploit)
$Id: ms10045outlookrefonly.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Outlook - 'ATTACH_BY_REF_RESOLVE' File Execution (MS10-045) (Metasploit)
$Id: ms10045outlookrefresolve.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
chillyCMS Arbitrary File Upload Vulnerability
chillyCMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process...
Safari 5.0.1 DLL Hijacking Exploit
Version: Safari 5.0.1 Tested on: Windows XP SP3 Author : Secfence Exploit By: Vinay Katoch, Secfence Technologies www.secfence.com http://twitter.com/secfence Place a .htm .mht .mhtml .xht .xhtm .xhtl file and dwmapi.dll in same folder and run file in safari. Code for dwmapi.dll: /----------/ /...