55 matches found
EUVD-2006-4471
Malware in sbrugna...
CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php...
SugarCRM 13.0.1 Shell Upload Exploit
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call. SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability...
SugarCRM 13.0.1 Shell Upload
SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions:...
SUSE CVE-2006-4483
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache...
Sensitive Data Exposure in elFinder
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set...
ImpressCMS 1.4.2 Remote Code Execution
<?php /* ImpressCMS <= 1.4.2 SQL Injection to Remote Code Execution author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software link.......:...
elFinder <= 2.1.44 Information Disclosure Vulnerability
elFinder is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:std42:elfinder";...
CVE-2019-5884
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set...
Code injection
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set...
CVE-2019-5884
The CVE-2019-5884 entry concerns information disclosure in the elFinder project. It affects elFinder versions up to and including 2.1.44 (before 2.1.45), where PHP’s curl extension, combined with unsafe PHP configurations (safe_mode or open_basedir not set), can leak information. Root cause is ti...
PHP 5.6.x < 5.6.2 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.2. It is, therefore, affected by the following vulnerabilities: - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-3668...
PHP 5.4.x < 5.4.34 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities: - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-366...
IPB 3.0.1 - SQL Injection exploit
No description provided by source. <?php error_reporting(E_ALL); // IPB 3.0.1 sql injection exploit // Version 1.0 // written by Cryptovirus //...
more.groupware <= 0.74 (new_calendarid) Remote SQL Injection Exploit
No description provided by source. <? error_reporting(E_ERROR); function exploitinit() { if (!extension_loaded('phpcurl') && !extension_loaded('curl')) { if (!dl('curl.so') && !dl('phpcurl.dll')) die("oo error - cannot load curl extension!"); } } function exploitheader() { echo...
PHPNuke 6.x Category Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may be prone to a SQL injection vulnerability, due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the...
webSPELL <= 4.01 (title_op) Remote SQL Injection Exploit
No description provided by source. <? error_reporting(E_ERROR); function xssinit() { if (!extension_loaded('phpcurl')) { if (!dl('curl.so') and !dl('phpcurl.so') and !dl('phpcurl.dll')) die("oo error - cannot load curl extension!"); } } function xssheader() { echo...
ilchClan <= 1.05g (tid) Remote SQL Injection Exploit
No description provided by source. <? error_reporting(E_ERROR); function xssinit() { if (!extension_loaded('phpcurl')) { if (!dl('curl.so') and !dl('phpcurl.so') and !dl('phpcurl.dll')) die("oo error - cannot load curl extension!"); } } function xssheader() { echo...
OpenConf <= 4.11 (author/edit.php) Remote Blind SQL Injection Exploit
No description provided by source. <?php /* OpenConf <= 4.11 author/edit.php Remote Blind SQL Injection Exploit author...............: Egidio Romano aka EgiX...