23 matches found
EUVD-2011-5047
Malware in sbrugna...
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
Contao 路径遍历漏洞
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A path traversal vulnerability exists in Contao versions prior to 4.9.40, 4.13.21, and 5.1.4. An attacker exploiting this vulnerability could list...
elFinder 安全漏洞
elFinder is a set of Drupal-based platform , open source AJAX file manager . The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in ElFinder 2.1.47 and earlier versions, which stems from a command injection vulnerability in the program's P...
Ajax File and Image Manager 'search_folder'参数目录遍历漏洞
Bugtraq ID:66071 Ajax File and Image Manager是一款远程文件和图像管理工具。 Ajax File and Image Manager搜索功能不正确处理"searchfolder"参数数据,允许远程利用漏洞提交目录遍历请求,以WEB权限查看敏感文件信息。 0 Ajax File and Image Manager 目前没有详细解决方案提供: http://www.phpletter.com/...
Ajax File Manager Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Ajax File Manager DirectoryTraversal Google Dork: inurl: "plugins/ajaxfilemanager" Date: 03/07/2014 Exploit Author: Eduardo Alves edudx9 Vendor Homepage: phpletter.com Software Link: http://phpletter.com/Demo/Ajax-File--Manager/...
Ajax File Manager - Directory Traversal
Ajax File Manager - Directory Traversal Exploit Title: Ajax File Manager DirectoryTraversal Google Dork: inurl: "plugins/ajaxfilemanager" Date: 03/07/2014 Exploit Author: Eduardo Alves edudx9 Vendor Homepage: phpletter.com Software Link: http://phpletter.com/Demo/Ajax-File--Manager/ Version: app...
Ajax File Manager - Directory Traversal
Exploit Title: Ajax File Manager DirectoryTraversal Google Dork: inurl: "plugins/ajaxfilemanager" Date: 03/07/2014 Exploit Author: Eduardo Alves edudx9 Vendor Homepage: phpletter.com Software Link: http://phpletter.com/Demo/Ajax-File--Manager/ Version: app version - All Tested on: Windows/Linux...
phpmyfaq -- arbitrary PHP code execution vulnerability
The phpMyFAQ team reports: Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for...
PT-2013-41: Arbitrary Code Execution in Ajax File and Image Manager
The specialists of the Positive Research center have detected "Arbitrary Code Execution" vulnerability in Ajax File and Image Manager. Due to incorrect application architecture, validation of file extension is implemented after uploading file. Uploaded file will subsequently be removed if its...
TinyMCE Ajax File Manager Remote Code Execution
/ | / \ / / \ / /\ \ / / \ | \ / \ \ | | | | /\ /\ / /|| /\ | | || \ \ / / / / / Exploit Title : timynce Ajax File Manager Remote Code Author : By onestree Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/ tested : windows 7 Dork : inurl:"/plugins/filemanager/" or...
Ajax File Manager Remote Code Execution Exploit
Ajax File Manager is vulnable to execute abitrary php code injection, and not solution from the vendor. This is private exploit. You can buy it at https://0day.today...
WordPress Zingiri Web Shop 2.5.0 Shell Upload
|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title: Wordpress Zingiri-web-shop 2.5.0 Plugin | Arbitrary File Upload Vulnerability | Version: 2.5.0 Software Link: www.zingiri.com/plugins-and-addons/web-shop/ Google Dork: inurl:"/wp-content/plugins/zingiri-web-shop/" Exploit...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
Code injection
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
CVE-2011-5147 affects FreeWebshop 2.2.9 R2 and earlier, specifically the Ajax File Manager module (tinymce plugin). The vulnerability is a static code injection in ajax_save_name.php that lets remote attackers inject arbitrary PHP into data.php via a selected document, shown by a sequence involvi...
Log1 CMS writeInfo() PHP Code Injection
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...