5286 matches found
GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites
Title: ====== GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites Date: ===== 2012-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=601 VL-ID: ===== 601 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...
sflog! - section Local File Inclusion
sflog! - section Local File Inclusion source: https://www.securityfocus.com/bid/54334/info sflog! is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the...
sflog! - 'section' Local File Inclusion
source: https://www.securityfocus.com/bid/54334/info sflog! is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. Thi...
Tiki Wiki unserialize() PHP Code Execution
This module exploits a php unserialize vulnerability in Tiki Wiki 'Tiki Wiki unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Tiki Wiki = 8.3 which could be abused to allow unauthenticated users to...
Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated...
SugarCRM 6.3.1 unserialize() PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SugarCRM %q This module exploits a ph...
SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SugarCRM %q This module exploits a ph...
Symantec Web Gateway upload_file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while...
PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities
PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: [email protected] Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on:...
PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities
Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: [email protected] Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on: IIS6.0-Windows 2003 ToC 1.0 Introduction 2.0 Unrestricted File Upload 3...
Small-Cms - 'hostname' Remote PHP Code Injection
source: https://www.securityfocus.com/bid/53703/info Small-Cms is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the...
Ajaxmint Gallery 1.0 - Local File Inclusion
Ajaxmint Gallery 1.0 - Local File Inclusion source: https://www.securityfocus.com/bid/53659/info Ajaxmint Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and to execute...
Ajaxmint Gallery 1.0 - Local File Inclusion
source: https://www.securityfocus.com/bid/53659/info Ajaxmint Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and to execute local scripts in the context of the webserver...
Acuity CMS 2.6.2 - adminfile_managerfile_upload_submit.asp Multiple Arbitrary File Upload Code Executions
Acuity CMS 2.6.2 - adminfilemanagerfileuploadsubmit.asp Multiple Arbitrary File Upload Code Executions source: https://www.securityfocus.com/bid/53616/info Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues t...
AZ Photo Album - Cross-Site Scripting Arbitrary File Upload
AZ Photo Album - Cross-Site Scripting Arbitrary File Upload source: https://www.securityfocus.com/bid/53641/info The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit thes...
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
source: https://www.securityfocus.com/bid/53641/info The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to steal cookie information, execute arbitrary clie...
HULK DDoS Tool Smash Web Server, Server Fall Down
For the aspiring attacker or pen tester, there is no shortage of attack tools, scripts, crimeware kits and exploits available online. But, the Internet being what it is, there’s always room for one more. Enter HULK, a new DDoS tool that arrives just in time to coincide with the release of some...
eLearning Server 4G Multiple Vulnerabilities (May 2012) - Active Check
eLearning Server 4G is prone to a remote file include RFI and an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to...
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3...