3009 matches found

Prion
added 2011/12/17 11:55 a.m. | 10 views

Code injection

The modbus125handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502...

10 CVSS | 7.5 AI score | 0.01397 EPSS
Exploits 1 | References 1 | Affected Software 3
Cvelist
added 2011/12/16 11:0 a.m. | 20 views

CVE-2011-4745

Multiple cross-site scripting XSS vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files...

5.9 AI score | 0.00225 EPSS
Exploits 0 | References 2
0day.today
added 2011/12/14 12:0 a.m. | 13 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

7.1 AI score | 0.84053 EPSS
Exploits 12
Check Point Advisories
added 2011/12/06 12:0 a.m. | 1 views

Preemptive Protection against Novell GroupWise Internet Agent RRULE Weekday Parsing Buffer Overflow (CVE-2011-2662)

A remote code injection and execution vulnerability has been reported in Novell GroupWise Internet Agent GWIA...

10 CVSS | 7.5 AI score | 0.07969 EPSS
Exploits 0
Check Point Advisories
added 2011/12/06 12:0 a.m. | 3 views

Preemptive Protection against Novell GroupWise Internet Agent RRULE Time Conversion Invalid Array Indexing (CVE-2011-2663)

A remote code injection and execution vulnerability has been reported in Novell GroupWise Internet Agent GWIA...

10 CVSS | 7.5 AI score | 0.03768 EPSS
Exploits 0
Prion
added 2011/11/28 9:55 p.m. | 15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action...

4.3 CVSS | 6.1 AI score | 0.00424 EPSS
Exploits 1 | References 4 | Affected Software 1
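seebug.org
added 2011/11/28 12:0 a.m. | 25 views

Hastymail "rs" and "rsargs[]" Parameter Remote Code Injection Vulnerability

BUGTRAQ ID: 50794 CVE ID: CVE-2011-4542 Hastymail is a fast, secure, RFC-compliant, cross-platform IMAP/SMTP client application written in PHP. Hastymail has an input validation vulnerability in its implementation: the tampered $POST'rs' and $POST'rsargs' input parameters are not properly checked and filtered, and attackers can exploit these flaws to inject and execute arbitrary code, causing the web server to execute arbitrary PHP code, disclose sensitive information, and delete arbitrary files. Hastymail Vendor patch: Hastymail --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...

7.5 CVSS | 6.4 AI score | 0.73358 EPSS
Exploits 9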
seebug.org
added 2011/11/24 12:0 a.m. | 33 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Exploit ------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................:...

7.5 CVSS | 0.1 AI score | 0.84053 EPSS
Exploits 12
exploitpack
added 2011/11/23 12:0 a.m. | 19 views

PmWiki 2.2.34 - pagelist Remote PHP Code Injection (1)

PmWiki 2.2.34 - pagelist Remote PHP Code Injection 1 $r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if $code...

7.5 CVSS | 0.1 AI score | 0.84053 EPSS
Exploits 12
Vulnerability Lab
added 2011/11/03 12:0 a.m. | 29 views

WhiteHouse Gov Service - Persistent Web Vulnerability

Document Title: =============== WhiteHouse Gov Service - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=308 Release Date: ============= 2011-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 308...

7.1 AI score
Exploits 0
Vulnerability Lab
added 2011/11/03 12:0 a.m. | 16 views

WhiteHouse Gov Service - Persistent Web Vulnerability

Document Title: =============== WhiteHouse Gov Service - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=308 Release Date: ============= 2011-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 308...

7.4 AI score
Exploits 0
OpenVAS
added 2011/10/31 12:0 a.m. | 22 views

eFront 3.6.10 Multiple Security Vulnerabilities

eFront is prone to multiple security vulnerabilities, including: - A remote code injection vulnerability - Multiple SQL injection vulnerabilities - An authentication bypass and privilege escalation vulnerability - A remote code execution vulnerability - A file upload vulnerability...

9.8 AI score
Exploits 0 | References 2
Packet Storm
added 2011/10/29 12:0 a.m. | 43 views

PHP Photo Album 0.4.1.16 Cross Site Scripting / Disclosure

---------------------------------------------------------------- PHP Photo Album Poc 2 http://localhost/phpAlbum/main.php?cmd=albumnew&keyword=XSS Demo :http://www.iloveazucar.com/phpAlbum/main.php?cmd=albumnew&keyword="onmouseover%3dprompt975554 bad%3d" Demo :http://www.dolfpretorius.com/main.ph...

Exploits 0
Tenable Nessus
added 2011/10/27 12:0 a.m. | 13 views

FreeBSD : phpmyfaq -- Remote PHP Code Injection Vulnerability (395e0faa-ffa7-11e0-8ac4-6c626dd55a41)

The phpMyFAQ project reports : The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests. %NASLMINLEVEL 70300 C...

5.6 AI score
Exploits 0 | References 3
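seebug.org
added 2011/10/27 12:0 a.m. | 440 views

phpLDAPadmin functions.php Remote PHP Code Injection Vulnerability

BUGTRAQ ID: 50331 phpLDAPadmin is a web-based LDAP client that allows convenient management of LDAP servers. phpLDAPadmin has a remote PHP code injection vulnerability in its implementation; attackers can exploit it to inject and execute PHP code in the affected application and take control of the system. 1) Input appended to the URL in cmd.php is not properly filtered before being returned to the user, and can be exploited to execute arbitrary HTML and script code in the browser of a user of the affected site. 2) Input passed in the "orderby" parameter in cmd.php is not properly filtered in lib/functions.php before being used in a "createfunction" function call. It can be exploited to inject and execute arbitrary PHP code....

6.9 AI score
Exploits 0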
Packet Storm
added 2011/10/23 12:0 a.m. | 27 views

phpLDAPadmin 1.2.1.1 Remote PHP Code Injection

$key \n"; 1018. $code .= " asort$a-$key;\n"; 1019. $code .= " $aa = arrayshift$a-$key;\n";...

0.3 AI score
Exploits 0
FreeBSD
added 2011/10/23 12:0 a.m. | 17 views

phpLDAPadmin -- Remote PHP code injection vulnerability

EgiX n0b0d13s at gmail dot com reports: The $sortby parameter passed to 'masort' function in file lib/functions.php isn't properly sanitized before being used in a call to createfunction at line 1080. This can be exploited to inject and execute arbitrary PHP code. The only possible attack vector ...

1.5 AI score
Exploits 0 | References 2
Exploit DB
added 2011/10/18 12:0 a.m. | 22 views

Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection

?php / ---------------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection Exploit ---------------------------------------------------------------------------- author...............: EgiX mail.................:...

7.4 AI score
Exploits 0
CVE
added 2011/10/07 10:0 a.m. | 44 views

CVE-2010-4890

CVE-2010-4890 affects the TYPO3 extension ke_yac (Yet Another Calendar) version prior to 1.1.2. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available sources indicate the affected component...

4.3 CVSS | 5.9 AI score | 0.00296 EPSS
Exploits 0 | References 3 | Affected Software 1
myhack58
added 2011/10/04 12:0 a.m. | 18 views

phpMyAdmin 3.x Swekey remote code injection vulnerability and fix - vulnerability warning - the black bar safety net

? php echo phpsapiname!==' cli'?'& lt;/pre':"; ifphpsapiname==='cli' if! isset$argv1 output" Usage\n ".$ argv0." "; killme; $pmaurl = $argv1; else $pmaurl = isset$REQUEST'url'?$ REQUEST'url':"; $code = 'foreach$GET as $k=$vif$k==="eval"eval$v;'; $cookie = null; $token = null; if!...

0.2 AI score
Exploits 0