404 matches found
CVE-2015-4338
CVE-2015-4338 affects the WordPress XCloner plugin (version 3.1.2). The vulnerability is a static code injection that lets remote authenticated users inject arbitrary PHP code into language files via the Translation LM_FRONT_* field (demonstrated by language/italian.php). Impact described: potent...
CVE-2015-4338
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php...
WordPress XCloner Plugin <= 3.1.2 - Static Code Injection
Because of this vulnerability, remote authenticated users can inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language. Solution: Update the plugin...
Code injection
Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter...
CVE-2014-9185
Summary (CVE-2014-9185): Morfy CMS v1.05 contains a remote code execution vulnerability in the install.php process. The vulnerability arises because the installation logic writes a config.php file based on the POST parameter site_url, enabling an authenticated attacker to inject arbitrary PHP cod...
CVE-2014-5194
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter...
Code injection
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter...
CVE-2014-5194
Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...
[SECURITY] Fedora 20 Update: python-astroid-1.0.1-2.fc20
The aim of this module is to provide a common base representation of python source code for projects such as pychecker, pyreverse, pylint, and others. It extends the class defined in the compiler.ast python module with some additional methods and attributes...
[RIPS] A static source code analyser for vulnerabilities in PHP scripts
RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted b...
Code injection
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter...
CVE-2012-6046
The CVE-2012-6046 entry concerns a static code injection in admin/banners.php of PHP Enter, allowing remote attackers to inject arbitrary PHP code into horad.php via the code parameter. Connected sources confirm the same description and indicate a high-severity impact (complete confidentiality, i...
Code injection
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...
CVE-2012-5304
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...
CVE-2012-5304
Summary: CVE-2012-5304 refers to a static code injection vulnerability in the YVS Image Gallery, specifically in administration/install.php, allowing remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. The vulnerability is noted to occur when admin...
CVE-2011-5147
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to...
Code injection
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to...
CVE-2011-5147
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to...
CVE-2011-5147
CVE-2011-5147 affects FreeWebshop 2.2.9 R2 and earlier, specifically the Ajax File Manager module (tinymce plugin). The vulnerability is a static code injection in ajax_save_name.php that lets remote attackers inject arbitrary PHP into data.php via a selected document, shown by a sequence involvi...
Scientific Linux Security Update : eclipse on SL6.x i386/x86_64
The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents web application. An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them in...