41 matches found
CVE-2017-9101
CVE-2017-9101 affects PlaySMS 1.4 where import.php (Phonebook import) allows remote code execution. The vulnerability arises from improper handling of file contents during a CSV upload, enabling PHP code execution via payloads contained in the uploaded file name or User-Agent header. Public refer...
PlaySMS 1.4 - 'import.php' Remote Code Execution
Exploit Title: PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php Date: 21-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/ Category: webapps ...
ngrcomputers.co.za XSS vulnerability
Vulnerable URL: http://www.ngrcomputers.co.za/import.php?query=k400%27"--!confirmOPENBUGBOUNTY%3C/script /K/=0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 331095 VIP website...
phpMyAdmin 4.0.10.x < 4.0.10.18 / 4.4.15.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities
ATutor <= 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability
No description provided by source. ATutor Course Server Rfi AUTHOR : IRCRASH R3d.W0rm Discovered by : IRCRASH R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Script Download : www.atutor.ca DORK : Web site engine's code is copyright © 2001-2007 ATutor® Note : You...
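phpMyAdmin 'import.php' Cross-Site Scripting Vulnerability
BUGTRAQ ID: 65717 CVECAN ID: CVE-2014-1879 phpMyAdmin is a web-based administration tool for MySQL databases; its main functions include creating tables online, running SQL statements, searching and querying data, and importing and exporting data. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. 0 phpMyAdmin phpMyAdmin 3.4.9 phpMyAdmin phpMyAdmin 3.4.8 phpMyAdmin phpMyAdmin 3.4.6 phpMyAdmin phpMyAdmin 3.4.3...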
CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action...
CVE-2014-1879
CVE-2014-1879 concerns phpMyAdmin prior to 4.1.7, where an XSS vulnerability exists in the import.php action. The issue arises from how a crafted filename in an import action is processed, enabling a remote authenticated user to inject arbitrary web script or HTML. The vulnerability affects phpMy...
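phpMyAdmin <= 4.0.4.1 import.php GLOBALS Variable Injection Vulnerability
CVECAN ID: CVE-2013-4729 phpMyAdmin is a web-based administration tool for MySQL databases; its main functions include creating tables online, running SQL statements, searching and querying data, and importing and exporting data. In phpMyAdmin versions before 4.0.4.1, import.php does not properly restrict the ability of input data to specify a file format, which allows authenticated remote users to modify the GLOBALS superglobal array and then change the configuration via a crafted request. 0 phpMyAdmin = 4.0.4.1 Vendor patch: phpMyAdmin ---------- phpMyAdmin has released a security advisory (PMASA-2013-7) and a corresponding patch for this issue:...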
phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)
According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...
phpMyAdmin 4.0.x < 4.0.4.1 'import.php' Security Vulnerability
Design/Logic Flaw
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
phpMyAdmin -- Global variable scope injection
The phpMyAdmin development team reports: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents...
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php...
CVE-2009-4854
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter...
ATutor <= 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability
No description provided by source. ATutor Course Server Rfi AUTHOR : IRCRASH R3d.W0rm Discovered by : IRCRASH R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Script Download : www.atutor.ca DORK : "Web site engine's code is copyright 2001-2007 ATutor" Note : You...
ATutor <= 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== ATutor = 1.6.1-pl1 import.php Remote File Inclusion Vulnerability ==================================================================== ATutor Course Server Rfi AUTHOR :...
ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion
ATutor Course Server Rfi AUTHOR : IRCRASH R3d.W0rm Discovered by : IRCRASH R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Script Download : www.atutor.ca DORK : "Web site engine's code is copyright © 2001-2007 ATutor®" Note : You must login , then use rfi bug ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opmlurl parameter to link-import.php. NOTE: this might...
CVE-2007-4153
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opmlurl parameter to link-import.php. NOTE: this might...