1622 matches found

securityvulns
added 2012/01/21, 12:00 a.m., 52 views

[PT-2011-02] PHP code Injection in Kayako Support Suite

----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...

AI score 1.4 | Exploits: 0
htbridge
added 2012/01/18, 12:00 a.m., 71 views

Multiple vulnerabilities in ZENphoto

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks. 1 Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993 Input passed via...

CVSS 9.3 | AI score 7.7 | EPSS 0.01699 | Exploits: 5 | Affected software: 1
Japan Vulnerability Notes
added 2011/12/26, 12:00 a.m., 21 views

JVN#40498018: WordPress vulnerable to arbitrary PHP code execution

WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...

AI score 7.3 | Exploits: 0
Exploit DB
added 2011/11/23, 12:00 a.m., 71 views

PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)

$r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if $code 462. uasort$list, 463. createfunction'$x,$y',...

CVSS 7.5 | AI score 7 | EPSS 0.84053 | Exploits: 12
Exploit DB
added 2011/11/16, 12:00 a.m., 30 views

FreeWebShop 2.2.9 R2 - 'ajax_save_name.php' Remote Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocum...

AI score 7.4 | Exploits: 0
Packet Storm
added 2011/11/13, 12:00 a.m., 35 views

WordPress Zingiri 2.2.3 Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...

AI score 0.4 | Exploits: 0
Tenable Nessus
added 2011/11/03, 12:00 a.m., 47 views

phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution

The version of phpLDAPadmin installed on the remote host does not sanitize input to the 'orderby' parameter of the 'cmd.php' script when 'cmd' is set to 'queryengine' before using it in a call to 'create_function'. An unauthenticated, remote attacker can leverage this issue to execute arbitrary PH...

CVSS 7.5 | AI score 5.8 | EPSS 0.84398 | Exploits: 3 | References: 3
Prion
added 2011/11/02, 5:55 p.m., 17 views

Code injection

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...

CVSS 7.5 | AI score 7.9 | EPSS 0.84398 | Exploits: 3 | References: 12 | Affected software: 1
OpenVAS
added 2011/10/20, 12:00 a.m., 16 views

Joomla NoNumber! Extension Manager Plugin Local File Include and PHP code Injection Vulnerabilities

NoNumber! Extension Manager is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the...

AI score 0.4 | Exploits: 0 | References: 2
Tenable Nessus
added 2011/10/20, 12:00 a.m., 36 views

MODx < 2.0.3-pl class_key Parameter Local File Inclusion

The version of MODx installed on the remote host fails to sanitize user-supplied input to the 'class_key' parameter of the 'manager/controllers/default/resource/tvs.php' script before using it to include PHP code. Using a specially crafted request, a remote, unauthenticated attacker may be able to...

CVSS 4.3 | AI score 5.9 | EPSS 0.18602 | Exploits: 1 | References: 3
Cvelist
added 2011/10/09, 10:00 a.m., 13 views

CVE-2010-4924

PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party...

AI score 7.5 | EPSS 0.01359 | Exploits: 1 | References: 3
NVD
added 2011/10/08, 10:55 a.m., 7 views

CVE-2010-4918

PHP remote file inclusion vulnerability in iJoomla Magazine com_magazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...

CVSS 7.5 | AI score 7.6 | EPSS 0.01099 | Exploits: 1 | References: 4
Prion
added 2011/10/08, 10:55 a.m., 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter...

CVSS 7.5 | AI score 8 | EPSS 0.0051 | Exploits: 1 | References: 2 | Affected software: 1
Cvelist
added 2011/10/08, 10:00 a.m., 11 views

CVE-2010-4918

PHP remote file inclusion vulnerability in iJoomla Magazine com_magazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...

AI score 7.6 | EPSS 0.01099 | Exploits: 1 | References: 4
Cvelist
added 2011/10/07, 10:00 a.m., 15 views

CVE-2010-4878

PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpfad parameter...

AI score 7.5 | EPSS 0.00608 | Exploits: 1 | References: 1
NVD
added 2011/09/12, 12:40 p.m., 9 views

CVE-2009-5095

PHP remote file inclusion vulnerability in indexinc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the incordner parameter...

CVSS 6.8 | AI score 7.6 | EPSS 0.02349 | Exploits: 1 | References: 4
Packet Storm
added 2011/08/03, 12:00 a.m., 28 views

WordPress TimThumb 1.32 Code Execution

Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...

AI score 7.4 | Exploits: 0
VulnCheck KEV
added 2011/07/29, 12:00 a.m., 0 views

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVSS 9.8 | AI score 7.5 | EPSS 0.93271 | Exploits: 16 | References: 1
NVD
added 2011/06/08, 10:36 a.m., 10 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

CVSS 6.5 | AI score 7.2 | EPSS 0.01475 | Exploits: 1 | References: 9
Prion
added 2011/06/08, 10:36 a.m., 10 views

Information disclosure

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

CVSS 6.5 | AI score 7.7 | EPSS 0.01475 | Exploits: 1 | References: 9 | Affected software: 1