OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

OpenX Releases Security Update

OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...

Unrestricted file upload

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/...

php-Charts wizard/index.php PHP Execution

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/index.php' script is not properly sanitized before being used in an eval call. An unauthenticated, remote attacker could leverage this vulnerability to...

PHP PHP-Charts Remote Code Execution

The vulnerability is due to lack of input sanitization in the affected function. A remote attacker can exploit this issue by sending a specially crafted script to the target server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary PHP code...

mkCMS - 'index.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...

mkCMS - index.php Arbitrary PHP Code Execution

mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...

ZPanel Crafted Template Remote Command Execution Vulnerability

Exploit for php platform in category web applications There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater"...

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

Multiple Vulnerabilities in OpenX

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting XSS attacks and compromise vulnerable system. 1 Local File Inclusion in OpenX: CVE-2013-3514 Input passed via "group" HTTP GET...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...

CMSLogik 1.2.1 - Multiple Vulnerabilities

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

CVE-2013-1468

Cross-site request forgery CSRF vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

Server: Multiple code executions

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

Ajax File Manager Remote Code Execution Exploit

Ajax File Manager is vulnable to execute abitrary php code injection, and not solution from the vendor. This is private exploit. You can buy it at https://0day.today...

php-Charts url.php Remote PHP Code Execution

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...

Drupal Video Module 任意PHP代码执行漏洞

BUGTRAQ ID: 57525 Drupal是一款开源的内容管理平台。 Drupal Video 7.x-2.x模块存在任意PHP代码执行漏洞，攻击者可利用此漏洞在Web服务器上下文中执行任意PHP代码。 0 Drupal Video module 厂商补丁： Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://drupal.org/project/video...

CVE-2012-6509

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg...

Unrestricted file upload

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg...

PHP-Charts - Arbitrary PHP Code Execution

PHP-Charts - Arbitrary PHP Code Execution =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debian squeeze...