
1622 matches found

Packet Storm
added 2016/03/11 12:0 a.m. | 41 views

PHP Utility Belt Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploits a remote code execution vulnerability in PHP Utilit...

AI score: 0.1
Exploits: 0
Metasploit
added 2016/03/01 1:22 a.m. | 22 views

PHP Utility Belt Remote Code Execution

This module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality. This module requires Metasploit:...

AI score: 0.7
Exploits: 0
CNVD
added 2016/02/27 12:0 a.m. | 1 views

OIC Exponent CMS Remote Code Execution Vulnerability

OIC Exponent CMS is a free, open source, modular PHP-based content management system. A security vulnerability exists in OIC Exponent CMS that allows remote attackers to submit a special request to execute arbitrary PHP code in the context of an affected system...

CVSS: 10 | AI score: 9.5 | EPSS: 0.09645
Exploits: 3 | References: 1
exploitpack
added 2016/02/01 12:0 a.m. | 32 views

iScripts EasyCreate 3.0 - Remote Code Execution

iScripts EasyCreate 3.0 - Remote Code Execution !C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...

AI score: 0.1
Exploits: 0
NVD
added 2016/01/08 7:59 p.m. | 10 views

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

CVSS: 9 | AI score: 9.4 | EPSS: 0.00318
Exploits: 0 | References: 4
Cvelist
added 2016/01/08 7:0 p.m. | 12 views

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

AI score: 9.4 | EPSS: 0.00318
Exploits: 0 | References: 4
Exploit DB
added 2015/12/17 12:0 a.m. | 55 views

Zen Cart 1.5.4 - Local File Inclusion

Advisory ID: HTB23282 Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26, 2015 Public Disclosure: December 16, 2015...

CVSS: 10 | AI score: 9.6 | EPSS: 0.38492
Exploits: 6
Packet Storm
added 2015/12/07 12:0 a.m. | 18 views

DMarket 1.0 Remote PHP Code Injection

| Title : DMarket 1.0 Remote PHP Code Injection Exploit | Author : indoushka | email : [email protected] | Dork : Copy right © 2010 . All right reserved Powered By : DMarket تمامی حقوق برای فروشگاه Print Art محفوظ است | Tested on: windows 8.1 Français V.Pro | Download :...

AI score: 0.2
Exploits: 0
htbridge
added 2015/11/25 12:0 a.m. | 554 views

RCE in Zen Cart via Arbitrary File Inclusion

High-Tech Bridge Security Research Lab discovered a critical vulnerability in the popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise a vulnerable system. A remote unauthenticated attacker might be able to execute arbitrary PHP code on the...

CVSS: 10 | AI score: 2.7 | EPSS: 0.38492
Exploits: 6 | Affected Software: 1
Packet Storm
added 2015/11/18 12:0 a.m. | 32 views

Zenario CMS 7.0.7c Remote Code Execution

Zenario CMS 7.0.7c Remote Code Execution Vulnerability Vendor: Tribal Ltd. Product web page: http://www.zenar.io Affected version: = 7.0.7c and 7.1.0 svn Summary: Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding...

AI score: 7.4
Exploits: 0
Prion
added 2015/11/16 7:59 p.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in mods/core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.00699
Exploits: 2 | References: 5 | Affected Software: 1
Cvelist
added 2015/11/16 7:0 p.m. | 14 views

CVE-2015-7712

Multiple eval injection vulnerabilities in mods/standard/gradebook/editmarks.php in ATutor 2.2 and earlier allow remote authenticated users with the ATPRIVGRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter...

AI score: 7.6 | EPSS: 0.00596
Exploits: 3 | References: 4
securityvulns
added 2015/10/26 12:0 a.m. | 89 views

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability - Software Link: http://magento.com/ - Affected Versions:...

AI score: 0.5 | EPSS: 0.02665
Exploits: 4
NVD
added 2015/10/12 10:59 a.m. | 12 views

CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866...

CVSS: 8.5 | AI score: 7.3 | EPSS: 0.00663
Exploits: 0 | References: 4
Prion
added 2015/10/06 1:59 a.m. | 13 views

Code injection

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.00602
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2015/10/06 1:59 a.m. | 13 views

Code injection

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.00602
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2015/10/03 10:0 a.m. | 43 views

CVE-2015-5644

CVE-2015-5644 affects ICZ MATCHA SNS prior to 1.3.7. The installer fails to correctly configure the database, enabling a code injection path that allows a remote attacker to execute arbitrary PHP code. The vulnerability is tied to installer-time database configuration (CWE-94) and culminates in c...

CVSS: 6.8 | AI score: 7.9 | EPSS: 0.00602
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2015/09/29 7:59 p.m. | 9 views

Input validation

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.11204
Exploits: 5 | References: 6 | Affected Software: 1
Zero Science Lab
added 2015/09/26 12:0 a.m. | 43 views

Centreon 2.6.1 Unrestricted File Upload Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...

AI score: 6.1
Exploits: 0
UbuntuCve
added 2015/09/16 2:59 p.m. | 16 views

CVE-2015-6968

Multiple incomplete blacklist vulnerabilities in the serendipityisActiveFile function in include/functionsimages.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00808
Exploits: 1 | References: 5