1624 matches found
Wordpress InfusionSoft Plugin Upload Vulnerability
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...
Wordpress InfusionSoft Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file...
Unrestricted file upload
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file...
Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass
A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filer bypass...
WordPress N-Media file uploader Plugin <= 3.3 - Unrestricted File Upload
Because of this vulnerability, authenticated users can execute arbitrary PHP code by leveraging Author privileges to store a file. Solution Update the plugin...
SkaDate Lite 2.0 - Remote Code Execution Exploit
No description provided by source. !/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform...
WordPress Dagda Theme - Shell Upload Vulnerability
This theme is prone to a shell upload vulnerability. It allows an attacker to execute arbitrary PHP code. Solution Update the theme...
SkaDate Lite 2.0 - Remote Code Execution
SkaDate Lite 2.0 - Remote Code Execution !/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new...
SkaDate Lite 2.0 Remote Code Execution Exploit
Summary SkaDate Lite is a new platform that makes it easy to start online dating business in just a few easy steps. No programming or design knowledge is required. Install the solution, pick a template, and start driving traffic to your new online dating site. Description SkaDate Lite suffers fro...
CMSimple 4.4.4 - color Remote Code Execution
CMSimple 4.4.4 - color Remote Code Execution source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...
CMSimple 4.4.4 - Remote File Inclusion
CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...
Oxwall 1.7.0 Remote Code Execution Exploit
Summary Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Description Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thr...
Authentication flaw
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
CVE-2014-4725
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
Omeka 2.2.1 Remote Code Execution
!/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly...
Omeka 2.2.1 - Remote Code Execution
Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...
Omeka 2.2.1 Remote Code Execution Exploit
Summary Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly collections and exhibitions. Its 'five-minute setup' makes launching an online exhibition as easy as launching a blog. Description Omeka suffers from an...
Gravity Board X 1.1 CSS Template Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An...
Magic News Plus 1.0.2 n_layouts.php link_parameters Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...