25 matches found
EUVD-2016-10299
Malware in sbrugna...
EUVD-2016-10288
Malware in sbrugna...
CVE-2016-9492
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...
CVE-2016-9493
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...
CVE-2016-9492
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...
CVE-2016-9483
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...
CVE-2016-9484
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...
CVE-2016-9482
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...
CVE-2016-9493
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...
Unrestricted file upload
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...
Authentication flaw
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...
Input validation
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...
Path traversal
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...
Cross site scripting
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...
CVE-2016-9492 PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...
CVE-2016-9493 PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...
CVE-2016-9483
CVE-2016-9483 involves PHP FormMail Generator-generated PHP form code where phpfmg_filman_download() deserializes untrusted input, enabling a remote, unauthenticated attacker to inject PHP code. The description notes that, combined with CVE-2016-9484, this can lead to local file inclusion attacks...
CVE-2016-9482
CVE-2016-9482 affects the PHP FormMail Generator code; an unauthenticated remote user can bypass authentication and reach the administrator panel by accessing /admin.php?mod=admin&func=panel. Documents consistently describe an authentication bypass in the code generated by PHP FormMail Generator....
CVE-2016-9484 PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...
CVE-2016-9493
The CVE-2016-9493 issue involves PHP FormMail Generator-generated code prior to 2016-12-17. The form.lib.php file checks upload types against a hard-coded list of dangerous extensions, which does not cover all PHP file variants, allowing possible execution of PHP code if the uploaded filename is ...