98 matches found
GetSimple CMS Remote Code Execution Vulnerability
GetSimple CMS is a content management system CMS written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...
UBUNTU-CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...
CVE-2017-7970
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
CVE-2017-7970
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
CVE-2017-7970
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
phpMyAdmin Denial of Service Vulnerability (CNVD-2016-12351)
phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpMyAdmin versions 4.6.x, 4.4.x, 4.0.x. The vulnerability can be exploited by configuring $cfg'AllowArbitraryServer'=true. Configuring $cfg'AllowArbitraryServer'=true allows an attacker to...
UBUNTU-CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
DEBIAN-CVE-2016-9860
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
ALPINE-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
DEBIAN-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
UBUNTU-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
UBUNTU-CVE-2016-6629
An issue was discovered in phpMyAdmin involving the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...
Zenphoto 1.4.10 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Zenphoto 1.4.10 - Local File Inclusion Vulnerability Vendor: ==================== www.zenphoto.org Product: =================== Zenphoto 1.4.10 Vulnerability Details: ====================== Zen Photos pluginDoc.php PHP file is vulnerable to...
Command injection
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...
CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a "too-short" salt...
Kirby CMS Cross-Site Request Forgery Vulnerability
Kirby CMS is a file-based content management system that is flexible, easy to use and easy to install. KirbyCMS suffers from a cross-site request forgery vulnerability in its implementation, which could be exploited by an attacker to execute arbitrary script code in the context of an affected...
Yoast Google Analytics Stored Cross Site Scripting
OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...