SQL injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/...
Unrestricted file upload
Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
Command injection
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO...
Command injection
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO...
CVE-2015-2842
Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
CVE-2015-2843
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/...
CVE-2015-2844
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO...
CVE-2015-2844
CVE-2015-2844 affects GoAutoDial GoAdmin CE prior to 3.3-1420434000. The cpanel function in go_site.php processes the PATH_INFO action segment and unsafely passes it to command execution, enabling remote attackers to run arbitrary commands. Impact: remote code execution with complete system comp...
CVE-2015-2843
GoAutoDial GoAdmin CE is vulnerable to SQL injection in go_login.php (parameters user_name, user_pass) and via PATH_INFO in go_login/validate_credentials/admin/ or index.php/go_site/go_get_user_info/. Affected versions are GoAutoDial GoAdmin CE before 3.3-1421902800. The root cause is inadequate ...
CVE-2015-3457
CVE-2015-3457 affects Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0, enabling remote attackers to bypass authentication through the forwarded parameter. The initial and related records consistently describe an authentication bypass vulnerability without details on ex...
CVE-2015-3458
CVE-2015-3458 affects Magento CE 1.9.1.0 and EE 1.14.1.0. The fetchView function in Mage_Core_Block_Template_Zend does not restrict the stream wrapper in a template path, enabling remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setSc...
CVE-2015-1399
Magento CE 1.9.1.0 and EE 1.14.1.0 are affected by a PHP Remote Code Execution via the fetchView() in Mage_Core_Block_Template_Zend, caused by insufficient security checks when including a URL through setScriptPath. An authenticated administrator could execute arbitrary PHP on the server. No expl...
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...
GoAutoDial CE 2.0 - Shell Upload Vulnerability
Exploit for php platform in category web applications Title : GoAutoDial CE 2.0 Shell Upload Date : 28/02/2015 Author : R-73eN Software : GoAutoDial CE 2.0 Tested : On Linux vicisrv.loc 2.6.18-238.9.1.el5.goPAE 1 GoAutoDial CE 2.0 import socket import sys banner = "\n\n" banner +=" \n" banner +="...
GoAutoDial CE 2.0 - Arbitrary File Upload
Title : GoAutoDial CE 2.0 Shell Upload Date : 28/02/2015 Author : R-73eN Software : GoAutoDial CE 2.0 Tested : On Linux vicisrv.loc 2.6.18-238.9.1.el5.goPAE 1 GoAutoDial CE 2.0 import socket import sys banner = "\n\n" banner +=" \n" banner +=" | | / | / | / \ | | \n" banner +=" | || ' | | / | | /...
Fonality Trixbox CE 2.8.0.4 Command Execution
#!/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com Software: trixbox CE Version: trixbox-2.8.0.4.iso Vendor url:...
Fonality Trixbox CE 2.8.0.4 Command Execution Vulnerability
Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit. #!/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com...
WordPress Contact Form 7 Plugin <= 3.5.2 - Remote Code Execution
Because of this vulnerability, attackers with admin access can add an uploader tag to a contact form on the site and use it for CE via an AFU attack. Solution: Update the plugin...
CVE-2014-3064
CVE-2014-3064 affects IBM InfoSphere Master Data Management - Collaborative Edition (GDS component) and InfoSphere MDM Server for Product Information Management. A remote authenticated user can read arbitrary files via a crafted UNIX file parameter. Affected: Collaborative Edition v10.0/10.1/11.x...
Digital Illusions CE Codename Eagle Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11887/info A remote denial of service vulnerability reportedly affects Digital Illusions CE Codename Eagle. This issue is due to a failure of the application to properly handle exceptional network data. An attacker may...