vBSEO 3.6.0 PHP Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'vBSEO %q This...
vBSEO proc_deutf() Remote PHP Code Injection
This module exploits a vulnerability in the 'proc_deutf' function defined in /includes/functionsvbseocpabstract.php for vBSEO versions 3.6.0 and earlier. User input passed through 'charrepl' POST parameter isn't properly sanitized before being used in a call to preg_replace function which uses the...
HostBill App 2.3 - Remote Code Injection
HostBill App 2.3 - Remote Code Injection =-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM:...
HostBill Remote Code Injection
=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM: Team 403 ? - contact: Dasher403atgmail.c...
HostBill App 2.3 - Remote Code Injection
=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM: Team 403 ? - contact: Dasher403atgmail.c...
CVE-2012-0933
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admincolors.asp, (2) adminconfig.asp, and (3) admincatadd.asp in admin/...
CVE-2011-1940
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbllinks.inc.php and...
CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
CVE-2012-0790
Cross-site scripting (XSS) vulnerability in smokepingcgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PHP iReport 1.0 - Remote Html Code Injection
!/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | | Dr.Bnned ahwak2000 sa^Dev!L ...
CVE-2012-0693
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
CVE-2012-0693
WHMCS/WHMCompleteSolution 5.03 is affected by CVE-2012-0693: submitticket.php allows remote attackers to inject code into the ticket subject via crafted data, due to improper handling of characters in the subject field. This is a separate issue from CVE-2011-5061. The vendor notes overlap with CV...
CVE-2012-0693
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107images/thumb.php or (2) rate.php, (3) resendname parameter to e107admin/users.php, and (4) link BBCode in user signatures...
CVE-2011-5023
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986...
CVE-2011-3841
The CVE-2011-3841 entry concerns the WordPress WP Symposium plugin vulnerability: a Cross-Site Scripting (XSS) flaw in the file uploadify/get_profile_avatar.php that allows arbitrary script/HTML injection via the uid parameter. Affected versions are before 11.12.08. Root cause: input handling in ...
Tiki Wiki CMS Groupware 8.2 Code Injection
------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...
Whois Cart Billing - Multiple Web Vulnerabilities
Document Title: =============== Whois Cart Billing - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=343 Release Date: ============= 2011-12-22 Vulnerability Laboratory ID VL-ID: ==================================== 343 Produ...