MGASA-2014-0483 Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forced encoding, UTF7 characters could be used to force cross-site scripts to AJAX scripts, although this is unlikely on modern browsers and on most Moodle pages (MSA-14-0035). In Moodle before 2.6.5, an XSS issue through $searchcourse in...
Use the phpinfo information LFI temporary file[POC]-vulnerability warning-the black bar safety net
Remember the technique, raised earlier by a foreign expert, of using LFI to include temporary files? It felt of little use, because the temporary file's path and name are unknown, although the temporary file name can be matched with something similar to wildcards (let's call it a wildcard match), while the N individual together with requests...
iFunBox Free v1.1 iOS - File Include Vulnerability
Document Title: iFunBox Free v1.1 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1344. Release Date: 2014-10-20. Vulnerability Laboratory ID (VL-ID): 1344...
foreman-proxy: smart-proxy remote command injection
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...
Photorange v1.0 iOS - File Include Web Vulnerability
Document Title: Photorange v1.0 iOS - File Include Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1318. Release Date: 2014-09-06. Vulnerability Laboratory ID (VL-ID): 1318...
Code injection
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...
WordPress FR0_theme theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications. Title : WordPress FR0theme theme Arbitrary File Download Vulnerability Author : alieye designer Homepage : http://english.gg.go.kr/ Contact : email protected Risk : High Class: Remote...
CVE-2014-3771
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "changeuserlanguage" request to sources/main.queries.php...
Authentication flaw
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "changeuserlanguage" request to sources/main.queries.php...
Shunra Network Virtualization for Hewlett-Packard toServerObject() Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Visualization. Authentication is not required to exploit this vulnerability. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: The specific flaw exists...
Photo Org WA v8.3 iOS - File Include Vulnerability
Document Title: Photo Org WA v8.3 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1277. Release Date: 2014-07-03. Vulnerability Laboratory ID (VL-ID): 1277...
Apple Safari file:// Arbitrary Code Execution
No description provided by source. $Id: safarifilepolicy.rb 13967 2011-10-17 03:49:49Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Max Guestbook 1.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Maxs Guestbook Google Dork: Powered by PHP F1 Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://www.phpf1.com/download.html?dl=18 Version: 1.0 Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...
SOTEeSKLEP <= 3.5RC9 (file) Remote File Disclosure Vulnerability
No description provided by source. SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUESTfile $file=$REQUEST'file';...
Winamp <= 5.12 - (.pls) Remote Buffer Overflow Exploit (meta)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Php AdminPanel Free version 1.0.5 - Remote File Disclosure Vuln
No description provided by source. Php AdminPanel Free version 1.0.5 Remote File Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
WordPress Switchblade Themes Arbitrary 1.3 - File Upload Vulnerability
No description provided by source. Exploit Title: WordPress Switchblade Themes Arbitrary File Upload Vulnerability Author: Byakuya Date: 11/01/2013...
Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities
No description provided by source. Fully Modded phpBB 2 Remote File Include PHPBB Exploit 2 Source Code: http://phpbbfm.net/support/indexfm.php http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz Vulnerable Code: include'includes/common.php'; $phpbbrootpath = $foingrootpath...
PhotoPost vBGallery 2.4.2 - Arbitrary File Upload Vulnerability
No description provided by source. vBulletin PhotoPost vBGallery v2.x Remote File Upload Found by : Cold z3ro e-mail : [email protected] Home page : www.Hack.ps ============================== exploit usage : http://localhost/Forum/$gallerypath/upload.php here the exploiter can upload php...
Zanfi CMS lite 1.2 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. +Zanfi CMS lite / Jaw Portal free index.php page Multiple Local File Inclusion +Discovered by SirGod +MorTal TeaM +Greetz E.M.I.N.EM,Ras,Puscasmarin,ToxicBlood,HrN,Kemrayz,007m + Dork : Powered by: Zanfi Solutions + Local File Inclusion PoC :...