1978 matches found

NVD
added 2011/09/12 12:40 p.m. | 15 views

CVE-2009-5095

PHP remote file inclusion vulnerability in indexinc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the incordner parameter...

6.8 CVSS | 7.6 AI score | 0.01907 EPSS
Exploits: 1 | References: 4

Packet Storm
added 2011/08/03 12:0 a.m. | 29 views

WordPress TimThumb 1.32 Code Execution

Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...

7.4 AI score
Exploits: 0

VulnCheck KEV
added 2011/07/29 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8 CVSS | 7.5 AI score | 0.95438 EPSS
Exploits: 16 | References: 1

NVD
added 2011/06/08 10:36 a.m. | 10 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

6.5 CVSS | 7.2 AI score | 0.01691 EPSS
Exploits: 1 | References: 9

Prion
added 2011/06/08 10:36 a.m. | 10 views

Information disclosure

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

6.5 CVSS | 7.7 AI score | 0.01691 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

Prion
added 2011/05/31 8:55 p.m. | 12 views

Code injection

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file...

6.8 CVSS | 7.8 AI score | 0.01424 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2011/05/23 12:0 a.m. | 33 views

Vanilla Forum p Parameter Local File Inclusion

The remote web server hosts Vanilla Forums, an open source forum software written in PHP. The installed version of Vanilla Forums uses a '/' character in the 'AnalyzeRequest' method in 'library/core/class.dispatcher.php' to separate input passed via the 'p' parameter of the 'index.php' script int...

5.9 AI score
Exploits: 0 | References: 2

Packet Storm
added 2011/05/19 12:0 a.m. | 17 views

Aphpkb 0.95.4 PHP Execution

------------------------------------------------------------------------ --PoC--...

7.4 AI score
Exploits: 0

Packet Storm
added 2011/04/29 12:0 a.m. | 45 views

Joomla 1.6.0 SQL Injection / PHP Execution

Requirements require 'msf/core' Class declaration class Metasploit3 'Joomla 1.6.0 // SQL Injection - PHP Execution', 'Description' = %q A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage...

0.2 AI score | 0.01653 EPSS
Exploits: 3

0day.today
added 2011/02/16 12:0 a.m. | 24 views

OmegaBill 1.0 Build 6 Multiple Vulnerabilities

Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution Download................http://sourceforge.net/projects/omegabill/ Release...

7.1 AI score
Exploits: 0

exploitpack
added 2011/02/15 12:0 a.m. | 12 views

omegabill 1.0 build 6 - Multiple Vulnerabilities

omegabill 1.0 build 6 - Multiple Vulnerabilities Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP...

Exploits: 0

Packet Storm
added 2011/02/15 12:0 a.m. | 19 views

OmegaBill 1.0 Build 6 Arbitrary PHP Execution

------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution Download................http://sourceforge.net/projects/omegabill/ Release Date............2/11/2011 Tested...

0.1 AI score
Exploits: 0

Exploit DB
added 2011/02/15 12:0 a.m. | 18 views

omegabill 1.0 build 6 - Multiple Vulnerabilities

Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution...

7.4 AI score
Exploits: 0

OpenVAS
added 2011/02/05 12:0 a.m. | 22 views

CrawlTrack Unspecified Vulnerability

The host is running CrawlTrack and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: secpodcrawltrackunspecifiedvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ CrawlTrack Unspecified Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod, http://www.secpod.com This...

6.8 CVSS | 1.5 AI score | 0.01175 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2011/02/03 5:0 p.m. | 20 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

7.5 CVSS | 6.2 AI score | 0.02091 EPSS
Exploits: 0 | References: 1

Cvelist
added 2011/02/03 4:0 p.m. | 18 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

7.5 AI score | 0.02091 EPSS
Exploits: 0 | References: 1

modx
added 2011/01/28 2:13 a.m. | 475 views

MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabilities

Status: Solved. Product: MODx Evolution. Severity: High. Versions: 1.0.4 and prior. Advisory Date: 2011-01-26. Fixed Date: 2011-01-19. Impact: (a) A remote attacker may access or view arbitrary files on the server. (b) A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...

2.7 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2011/01/22 10:0 p.m. | 16 views

CVE-2011-0635

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...

6 CVSS | 6.9 AI score | 0.01919 EPSS
Exploits: 1 | References: 6

Cvelist
added 2011/01/22 9:0 p.m. | 19 views

CVE-2011-0635

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...

6.9 AI score | 0.01919 EPSS
Exploits: 1 | References: 6

CVE
added 2011/01/22 9:0 p.m. | 36 views

CVE-2011-0635

CVE-2011-0635 affects Simploo CMS 1.7.1 and earlier. The vulnerability is a static code injection flaw where remote authenticated users can inject arbitrary PHP into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation of index.php. ...

6 CVSS | 7.1 AI score | 0.01919 EPSS
Exploits: 1 | References: 6 | Affected Software: 1