CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

jNews com_jnews 7.0.0 => 7.7.5 execute arbitrary PHP code

The vulnerability affects all variations of jNews, including the premium ones this is where the 7.7.5 comes in, not just the free version. The dork "inurl:comjnews" currently produces "About 37,100 results". The exploit will create a file on the targeted website and enable you to execute arbitrar...

FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)

Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

Fedora 17 : drupal7-7.16-1.fc17 (2012-16442)

Fixes SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure - http://drupal.org/node/1815904 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

Drupal 7.x < 7.16 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities : - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...

drupal7 -- multiple vulnerabilities

Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

akcms code execution vulnerability-vulnerability warning-the black bar safety net

Last week digging out of the akcms background stencil getshell feeling nothing new, and then carefully looked at the code, found a comparison with“the future”of the hole, the code execution vulnerability, and the problem function is that the authors provided to the station user for secondary...

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

Code injection

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

Code injection

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted 1 pagename or 2 area variable containing an executable extension, which is not properly handled by a update.php when writing files to content/, or b updatenews.php when writing files to content/news/...

phpMyAdmin server_sync.php Backdoor (PMASA-2012-5)

The phpMyAdmin install hosted on the remote web server contains a backdoor script, probably obtained from the cdnetworks-kr-1 SourceForge.net mirror site as part of the file phpMyAdmin-3.5.2.2-all-languages.zip. An unauthenticated, remote attacker can use this backdoor to execute arbitrary PHP co...

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification Trojan Horse in templates/javascript/opencalendar.js, which allows remote attackers to execute arbitrary...

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification Trojan Horse in serversync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification Trojan Horse in templates/javascript/opencalendar.js, which allows remote attackers to execute arbitrary...

CVE-2012-1625

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

Sql injection

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

CVE-2012-3572

Open Source Competency Center OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document...

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...