104 matches found
Coppermine Photo Gallery 1.0 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker...
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted...
Double Choco Latte 0.9.3/0.9.4 main.php Arbitrary PHP Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML...
Magic News Plus 1.0.2 n_layouts.php link_parameters Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...
WordPress SEO Watcher Plugin - Arbitrary PHP Code Execution
SEO Watcher plugin's "ofcuploadimage.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution Upgrade the plugin...
OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution
The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
mkCMS - 'index.php' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...
mkCMS - index.php Arbitrary PHP Code Execution
mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...
php-Charts url.php Remote PHP Code Execution
The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...
PHP-Charts - Arbitrary PHP Code Execution
PHP-Charts - Arbitrary PHP Code Execution =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debian squeeze...
Fedora 18 : drupal6-6.27-1.fc18 / drupal7-7.18-1.fc18 (2012-20746)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...
Elastix < 2.4 PHP Code Injection Vulnerability
Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Fedora 17 : drupal6-6.27-1.fc17 / drupal7-7.18-1.fc17 (2012-20766)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...
Fedora 16 : drupal6-6.27-1.fc16 / drupal7-7.18-1.fc16 (2012-20794)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...
FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)
Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...
Fedora 17 : drupal7-7.16-1.fc17 (2012-16442)
Fixes SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure - http://drupal.org/node/1815904 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
Drupal 7.x < 7.16 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities : - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...
SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure
Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...
Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Horde 3.3.12...
Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
The remote host is missing updates announced in advisory GLSA 201201-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...