
1624 matches found

Prion
added 2017/11/25 5:29 a.m., 15 views

Design/Logic Flaw

DISPUTED October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file...

CVSS 6.5, AI score 8.7, EPSS 0.01559
Exploits 0, References 1, Affected Software 1
NVD
added 2017/11/25 5:29 a.m., 21 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

CVSS 8.8, AI score 8.8, EPSS 0.01559
Exploits 0, References 1
Cvelist
added 2017/11/25 5:00 a.m., 25 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

AI score 8.8, EPSS 0.01559
Exploits 0, References 1
CVE
added 2017/11/20 7:00 p.m., 48 views

CVE-2017-16903

Vulnerability summary: LvyeCMS up to version 3.1 is susceptible to remote code execution via directory traversal in the dir parameter combined with inline PHP in the content parameter during a template Style add request to index.php. This yields arbitrary PHP code execution on affected servers. T...

CVSS 9.8, AI score 9.7, EPSS 0.02049
Exploits 1, References 1, Affected Software 1
Prion
added 2017/11/15 4:29 p.m., 22 views

Design/Logic Flaw

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

CVSS 6.5, AI score 7.7, EPSS 0.01672
Exploits 0, References 4, Affected Software 1
Cvelist
added 2017/11/15 4:00 p.m., 24 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

AI score 8.7, EPSS 0.01672
Exploits 0, References 4
Packet Storm
added 2017/11/13 12:00 a.m., 52 views

Web Viewer 1.0.0.193 (Samsung SRN-1670D) File Upload

Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com Version: Web Viewer 1.0.0.193 on Samsung SRN-1670D Tested on: Web...

CVSS 5, AI score 8.6, EPSS 0.51379
Exploits 7
Prion
added 2017/11/06 8:29 a.m., 12 views

Unrestricted file upload

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

CVSS 6.5, AI score 8.5, EPSS 0.51379
Exploits 7, References 2, Affected Software 1
NVD
added 2017/11/06 8:29 a.m., 18 views

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

CVSS 8.8, AI score 8.6, EPSS 0.30296
Exploits 7, References 2
Cvelist
added 2017/11/06 8:00 a.m., 23 views

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

AI score 8.7, EPSS 0.30296
Exploits 7, References 2
Packet Storm
added 2017/10/25 12:00 a.m., 25 views

CometChat Local File Inclusion

Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...

AI score 7.1
Exploits 0
0day.today
added 2017/10/23 12:00 a.m., 22 views

CometChat < 6.2.0 BETA 1 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version...

AI score 7.1
Exploits 0
Veracode
added 2017/10/02 4:14 a.m., 19 views

Remote Code Execution (RCE)

genix/cms is vulnerable to remote code execution (RCE) attacks. A malicious user can upload a module zip file containing arbitrary PHP code that executes arbitrary commands when extracted by the application...

CVSS 8.8, AI score 9.2, EPSS 0.01537
Exploits 1, References 3, Affected Software 1
NVD
added 2017/09/27 8:29 a.m., 20 views

CVE-2017-14764

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

CVSS 8.8, AI score 8.7, EPSS 0.01537
Exploits 1, References 1
Prion
added 2017/09/27 8:29 a.m., 18 views

Code injection

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

CVSS 6.5, AI score 8.6, EPSS 0.01422
Exploits 1, References 1, Affected Software 1
OSV
added 2017/09/27 8:29 a.m., 17 views

CVE-2017-14764

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

CVSS 8.8, AI score 7.4
Exploits 0, References 1
Veracode
added 2017/09/25 4:19 p.m., 15 views

Remote Code Execution (RCE)

genix/cms is vulnerable to remote code execution (RCE) attacks. A malicious user can upload a theme zip file containing arbitrary PHP code that executes arbitrary commands when extracted by the application...

CVSS 8.8, AI score 9.2, EPSS 0.01422
Exploits 1, References 3, Affected Software 1
OSV
added 2017/09/19 3:29 p.m., 12 views

CVE-2017-14143

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzon...

CVSS 9.8, AI score 7.8
Exploits 0, References 5
Prion
added 2017/09/19 3:29 p.m., 19 views

Unrestricted file upload

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...

CVSS 6.5, AI score 7.7, EPSS 0.07352
Exploits 3, References 2, Affected Software 1
CNVD
added 2017/09/13 12:00 a.m., 2 views

AlegroCart Arbitrary Code Execution Vulnerability

AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'filepath'...

CVSS 7.2, AI score 7.4, EPSS 0.02463
Exploits 1, References 1