XIAOcms website builder system has file inclusion vulnerability
XiaoCms Enterprise Building Edition is based on a PHP+MySQL architecture. It is a small, flexible, simple and easy-to-use lightweight CMS. A file inclusion vulnerability exists in the XIAOcms website builder system. An attacker can exploit this vulnerability to upload script files...
Arbitrary file deletion
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to...
NetIQ Access Manager Remote Code Execution Vulnerability
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. A remote code execution vulnerability exists in NetIQ Access Manager. The vulnerability is caused by the iManager Certificate Server Management module allowing administrators to create...
File Upload Vulnerability in UFIDA Financials
UFIDA Financials is a financial management software. A file upload vulnerability exists in UFIDA Financial System. Vulnerability payload: http://target/TaskManager/EBankTaskServlet?m=1&taskjson=cnvdtest&taskname=... /... /R9iPortal/upload/cnvd.jsp%00&optionType=create Submitting the above request...
Xiangtan Times Information Technology Co., Ltd. website building system has arbitrary file upload vulnerability
Xiangtan Times Information Technology Co., Ltd. is an IT application service company, providing IT application services and e-commerce solutions. The company's website building system has an arbitrary file upload vulnerability, which can be used to upload script files to...
D-Link Cookie Command Execution
This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested ...
National Center for Digital Learning Resources cms system has script upload vulnerability
The script upload vulnerability in the National Center for Digital Learning Resources CMS system arises, in fact, because the remote download did not change the name of the...
Johnson Controls Metasys Unlimited File Upload Vulnerability
Johnson Controls Metasys is a building automation system from Johnson Controls. The system can be networked with weak electronic systems such as fire and security through a variety of open protocols or standard interfaces to provide system integrity for secure access. An unrestricted file upload...
JSBoard 2.0.x Remote Arbitrary Script Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If...
OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability
No description provided by source. Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
Vacation Rental Script 4.0 - Arbitrary File Upload Vulnerability
No description provided by source. Script Name: Vacation Rental Script = 4.0 Site: http://www.vacationrentalscript.com/ Bug: Upload Shell Found: Br0ly google dork: 2006 - 2009 Vacation Rental Script BraZIL!! You need to register an account first, so: Signup: http://server/signup Check your email for...
MediaWiki 1.3.x Remote Arbitrary Script Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. ...
cPanel < 11.25 CSRF - Add User php Script
No description provided by source. Exploit Title: cPanel 11.25 CSRF - Add php script Date: 27.05.2011 Author: ninjashell Software Link: http://cpanel.net Version: 11.25 see details below Tested on: Linux CVE : N/A I. Introduction cPanel versions below and excluding 11.25 are vulnerable to CSRF...
cPanel Cross Site Request Forgery
Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and referrer security check. This means that if you are a cpan...
Joomla Front-End Article Manager System Upload Vulnerability
Exploit for php platform in category web applications. Joomla Front-End Article Manager System Upload Vulnerability...
Rayzz Photoz Upload Vulnerability
Exploit for php platform in category web applications. Rayzz Photoz Upload Vulnerability...
Joomla Component com_jesectionfinder Upload Vulnerability
Exploit for php platform in category web applications. Joomla JE Property Finder Component Upload Vulnerability...
Flax Article Manager 1.1 - Remote PHP Script Upload
Flax Article Manager 1.1 Remote File Upload Vulnerability. Discovered By: S.W.A.T. [email protected] Home: www.batlagh.com Script Page: http://www.clixint.com/products/articles Dork: Copyright 2006 © Flax Article Manager v1.1...
Flax Article Manager 1.1 - Remote PHP Script Upload
Flax Article Manager 1.1 - Remote PHP Script Upload. Flax Article Manager 1.1 Remote File Upload Vulnerability. Discovered By: S.W.A.T. [email protected] Home: www.batlagh.com Script Page: http://www.clixint.com/products/articles Dork:...
CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this...