WordPress Woopra Remote Code Execution

WordPress Woopra plugin remote PHP arbitrary code execution exploit. Exploit Title: woopra plugins execute arbitrary PHP code Exploit Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/ Date: 06-10-2013 Exploit Author: wantexz Vendor...

WordPress Plugin SEO Watcher - ofc_upload_image.php Arbitrary PHP Code Execution

WordPress Plugin SEO Watcher - ofcuploadimage.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/62825/info The SEO Watcher plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code with...

WordPress SEO Watcher Plugin - Arbitrary PHP Code Execution

SEO Watcher plugin's "ofcuploadimage.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution Upgrade the plugin...

GLPI 0.84.1 Access Control / Code Injection

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

GLPI 0.84.1 - Multiple Vulnerabilities

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

Astium Remote Code Execution

This module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to...

Remote Code Execution in GLPI

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GLPI, which can be exploited to bypass security restrictions and execute arbitrary PHP code with privileges of web server. 1 Improper Access Control in GLPI The vulnerability exists due to insufficient access restrictio...

OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

OpenX Releases Security Update

OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...

Unrestricted file upload

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/...

PHP PHP-Charts Remote Code Execution

The vulnerability is due to lack of input sanitization in the affected function. A remote attacker can exploit this issue by sending a specially crafted script to the target server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary PHP code...

mkCMS - 'index.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...

mkCMS - index.php Arbitrary PHP Code Execution

mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...

ZPanel Crafted Template Remote Command Execution Vulnerability

Exploit for php platform in category web applications There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater"...

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

Multiple Vulnerabilities in OpenX

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting XSS attacks and compromise vulnerable system. 1 Local File Inclusion in OpenX: CVE-2013-3514 Input passed via "group" HTTP GET...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...

CMSLogik 1.2.1 - Multiple Vulnerabilities

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

Server: Multiple code executions

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

Ajax File Manager Remote Code Execution Exploit

Ajax File Manager is vulnable to execute abitrary php code injection, and not solution from the vendor. This is private exploit. You can buy it at https://0day.today...