59 matches found
Code injection
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
CVE-2011-5147
Static code injection vulnerability in ajaxsavename.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajaxfilecut.php and then to...
Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Log1 CMS writeInf...
Log1 CMS writeInfo() PHP Code Injection
This module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code...
WordPress Zingiri 2.2.3 Code Execution
get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...
ZenPhoto 1.4.1.4 - 'ajax_create_folder.php' Remote Code Execution
?php / -------------------------------------------------------------------------- Zenphoto = 1.4.1.4 ajax_create_folder.php Remote Code Execution Exploit -------------------------------------------------------------------------- author............: Egidio Romano aka EgiX mail..............:...
ZenPhoto 1.4.1.4 - ajax_create_folder.php Remote Code Execution
ZenPhoto 1.4.1.4 - ajax_create_folder.php Remote Code Execution ?php / -------------------------------------------------------------------------- Zenphoto = 1.4.1.4 ajax_create_folder.php Remote Code Execution Exploit --------------------------------------------------------------------------...
aidiCMS 3.55 - 'ajax_create_folder.php' Remote Code Execution
?php / -------------------------------------------------------------------- aidiCMS v3.55 ajax_create_folder.php Remote Code Execution Exploit -------------------------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom...
WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection
WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection Exploit Title: WordPress Crawl Rate Tracker plugin wpdb-getresults"SELECT DATEFROMUNIXTIMEvisittime visitdate,robotname,COUNT total FROM $this-sbtrackingtable WHERE visittime = '$start' AND visittime trackingbotreportchartdata;...
CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action...
Sql injection
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action...
CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action...
CVE-2011-0645
CVE-2011-0645 corresponds to a SQL injection in PHPCMS 2008 V2, specifically in data.php via the where_time parameter of a get action, enabling remote arbitrary SQL execution. The vulnerability is due to improper handling of user-supplied input in the query, as reported across multiple sources (N...
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...
1Book Guestbook Script Code Execution Vulnerability
No description provided by source. ========================================================= =============== JIKI TEAM Maroc And YameN =============== ========================================================= Author : jiko email : [email protected] Home : www.no-back.org & no-exploit.com Script ...
1Book Guestbook Script 1.0.1 - Code Execution
1Book Guestbook Script 1.0.1 - Code Execution ========================================================= =============== JIKI TEAM Maroc And YameN =============== ========================================================= Author : jiko email : [email protected] Home : www.no-back.org &...
AuraCMS 2.2 (gallery_data.php) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.auracms.org ! Detected...: 19.01.2008 ! Reported...: 25.01.2008 ! Response...: 30.01.2008 ! Background.: AuraCMS is a CMS based on PHP and SQL...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
Sql injection
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php date.php was originally reported, but this appears to be in error...