
1622 matches found

Prion
added 2014/05/06 2:55 p.m., 10 views

Design/Logic Flaw

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function...

6.5 CVSS, 8.1 AI score, 0.0047 EPSS
Exploits 1, References 4, Affected Software 1
FreeBSD
added 2014/04/15 12:0 a.m., 18 views

pivotx -- Multiple unrestricted file upload vulnerabilities

Pivotx reports: Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php extension, and then accessing it via unspecified vectors...

3.5 CVSS, 6.9 AI score, 0.008 EPSS
Exploits 2
Prion
added 2014/03/24 4:31 p.m., 20 views

Design/Logic Flaw

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...

6.5 CVSS, 7.6 AI score, 0.17277 EPSS
Exploits 0, References 1, Affected Software 1
Prion
added 2014/03/24 4:31 p.m., 13 views

Design/Logic Flaw

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered ...

6.5 CVSS, 7.2 AI score, 0.17277 EPSS
Exploits 0, References 1, Affected Software 1
UbuntuCve
added 2014/03/21 4:38 a.m., 21 views

CVE-2011-5273

Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a doinstall action to dtc/...

6.5 CVSS, 6.2 AI score, 0.00709 EPSS
Exploits 0, References 4
Cvelist
added 2014/03/14 4:0 p.m., 19 views

CVE-2013-2089

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data...

7 AI score, 0.00391 EPSS
Exploits 0, References 1
NVD
added 2014/03/02 5:55 p.m., 11 views

CVE-2014-2088

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain clientid pathname...

6.5 CVSS, 7.2 AI score, 0.0365 EPSS
Exploits 1, References 1
CVE
added 2014/03/02 5:0 p.m., 49 views

CVE-2014-2088

Summary : CVE-2014-2088 refers to an unrestricted file upload in ILIAS 4.4.1 (ilias.php) that allows remote authenticated users to execute arbitrary PHP code by uploading a .php filename via the upload_files action to the uploadFiles command and then accessing the uploaded file through a client_i...

6.5 CVSS, 7.5 AI score, 0.0365 EPSS
Exploits 1, References 1, Affected Software 1
Prion
added 2014/02/18 11:55 a.m., 14 views

Code injection

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args...

7.5 CVSS, 8 AI score, 0.84499 EPSS
Exploits 12, References 12, Affected Software 1
Tenable Nessus
added 2013/12/14 12:0 a.m., 40 views

LiveZilla 'mobile/php/translation/index.php' 'g_language' Parameter Local File Inclusion

The version of LiveZilla installed on the remote web server fails to properly sanitize user-supplied input to the 'g_language' parameter of the 'mobile/php/translation/index.php' script. A remote, unauthenticated attacker can exploit this issue to view arbitrary files or execute arbitrary PHP code...

9.8 CVSS, 7.7 AI score, 0.54061 EPSS
Exploits 5, References 3
seebug.org
added 2013/12/12 12:0 a.m., 18 views

espcms Command Execution Vulnerability allowing getshell (of limited use)

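Brief description: RT (see title). Details: getshell from the admin backend, of somewhat limited use. In the file /datacache/command.php: $CONFIG=Array //ICP filing 'icpbeian'='', //site status 'isclose'=0, //administrator email 'adminemail'='[email protected]', //site URL 'domain'='http://localhost/espcms/', //logging 'islog'=1, ………… After the site system settings are modified in the backend, code can be written into command.php. Access command.php and pass parameters...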

7.1 AI score
Exploits 0
NVD
added 2013/12/09 4:36 p.m., 9 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.5 CVSS, 7.7 AI score, 0.70857 EPSS
Exploits 6, References 4
Prion
added 2013/12/09 4:36 p.m., 10 views

Sql injection

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.5 CVSS, 8.2 AI score, 0.70857 EPSS
Exploits 6, References 4, Affected Software 1
Cvelist
added 2013/12/09 11:0 a.m., 16 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.7 AI score, 0.70857 EPSS
Exploits 6, References 4
Prion
added 2013/12/07 8:55 p.m., 9 views

Design/Logic Flaw

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8 CVSS, 8.4 AI score, 0.01087 EPSS
Exploits 0, References 8, Affected Software 1
Packet Storm
added 2013/12/03 12:0 a.m., 22 views

WordPress OptimizePress Theme File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'WordPress OptimizePress Theme File Upload Vulnerability', 'Description' = %q This module exploits a vulnerability found...

7.4 AI score
Exploits 0
0day.today
added 2013/11/17 12:0 a.m., 20 views

WordPress Amplus Cross Site Request Forgery Vulnerability

WordPress Amplus theme suffers from a cross site request forgery vulnerability. Title : Wordpress Amplus Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...

7 AI score
Exploits 0
NVD
added 2013/11/02 7:55 p.m., 9 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

6 CVSS, 7.1 AI score, 0.49365 EPSS
Exploits 5, References 2
Packet Storm
added 2013/10/31 12:0 a.m., 30 views

Joomla Joomleague Shell Upload

Exploit Title: joomla comjoomleague execute arbitrary PHP code Exploit Google Dork: inurl:comjoomleague Date: 01-11-2013 Exploit Author: wantexz Vendor Homepage:http://www.joomleague.net/ Software Link:...

7.4 AI score
Exploits 0
Packet Storm
added 2013/10/30 12:0 a.m., 29 views

vTiger CRM 5.3.0 / 5.4.0 Authenticated Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution', 'Description' = %q vTiger CRM allows an authenticated user to upload...

0.5 AI score, 0.79371 EPSS
Exploits 6