PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...
PHP Lite Admin 1.9.3 Code Injection
Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in t...
CVE-2012-5537
The vulnerability CVE-2012-5537 affects the Simplenews Scheduler module for Drupal (6.x-2.x series) prior to 6.x-2.4. An authenticated user with the 'send scheduled newsletters' permission can inject arbitrary PHP code into the scheduling form, which is later executed by cron, enabling code execu...
CVE-2012-5545
The CVE affects the Drupal ShareThis module (7.x-2.x) prior to 7.x-2.5. The vulnerability is an XSS in the handling of JavaScript settings due to insufficient filtering of output. Exploitation requires an authenticated user with the 'administer sharethis' permission. A fixed version is ShareThis ...
CVE-2012-6040
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditionsusergroup parameter in a search action to admin/index.php...
CVE-2012-5903
The CVE-2012-5903 entry concerns the Simple Machines Forum (SMF) product, specifically version 2.0.2. The vulnerability is a Cross-Site Scripting (XSS) flaw in the scheduled parameter handling of index.php, enabling remote attackers to inject arbitrary web script or HTML. The root cause is an XSS...
ManageEngine ServiceDesk 8.0 Multiple Vulnerabilities
Exploit for php platform in category web applications. ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities. Introduction: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and...
Joomla Component com_jce remote Code Injection / Execution Exploit (perl)
JCE component for Joomla! could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the file.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP...
CVE-2011-5220
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php...
Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities
Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities; Date: 2012-09-10; References: http://www.vulnerability-lab.com/getcontent.php?id=700; VL-ID: 700; Common Vulnerability Scoring System: 4.1; Introduction: ...
CVE-2012-5384
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in editentryhandler.php, or (3) $url, (4) $tempfullname, or (5) $extusers variables in viewentry.php, different vector...
PhpTax - 'pfilez' Execution Remote Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "PhpTax pfilez...
PhpTax pfilez Parameter Exec Remote Code Injection
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4892
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titleen, (2) summaryen, or (3) bodyen parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE...
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Title: eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities; Date: 2012-08-06; References: http://www.vulnerability-lab.com/getcontent.php?id=668; VL-ID: 668; Common Vulnerability Scoring System: 3.5; Introduction: ...
eFront Educational 3.6.11 Cross Site Scripting
Title: eFront Educational v3.6.11 - Multiple Web Vulnerabilities; Date: 2012-08-03; References: http://www.vulnerability-lab.com/getcontent.php?id=666; VL-ID: 666; Common Vulnerability Scoring System: 3.5; Introduction: ...
CVE-2012-4744
CVE-2012-4744 describes a Cross-site scripting (XSS) vulnerability in ssearch.php of the Siche search module 0.5 for Zeroboard. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the search parameter. The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with n...