1622 matches found
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
Horde 5.2.22 CSV Import Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde CSV import arbitrary PHP code execution', 'Description' = %q The HordeData module version 2.1.4 and before present in Horde Groupware versi...
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
Remote code execution
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
Improper Input Validation in Symfony
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...
Code injection
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code...
Code injection
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
CVE-2013-3629
CVE-2013-3629 affects ISPConfig 3.0.5.2. The Red Hat/NVD/CVE records and related sources describe an Arbitrary PHP Code Execution vulnerability. The root cause is a flaw in ISPConfig’s content/language handling that allows an authenticated user to cause arbitrary PHP code execution on the server ...
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
Design/Logic Flaw
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
Alcatel OmniVista remote command execution
Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...
Alcatel OmniVista remote command execution
Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...
CVE-2019-19502
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...
Code injection
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...
CVE-2019-19502
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...
FusionPBX Command exec.php Command Execution
This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...