2431 matches found

seebug.org
added 2014/07/01 12:0 a.m., 45 views

Php-Stats 0.1.9.2 - Multiple Vulnerabilities Exploit

No description provided by source. ?php / Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit Blind SQL Injection / Remote Code Execution P.o.C. author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://php-stats.com/downloads details..: works with magicquotesruntime = off 1 Blind SQL...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

123 Flash Chat 5.0 - Remote Code Injection Weakness

No description provided by source. source: http://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to tak...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 7 views

SysCP 1.2.x Multiple Script Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can includ...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

ig shop 1.0 (eval/SQL Injection) Multiple Vulnerabilities

No description provided by source. If eval is the answer, then you are asking the wrong question. --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval cart$action;;...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

PHP Support Tickets 2.2 - Code Execution

No description provided by source. Exploit Title: PHP Support Tickets v2.2 Code Exec Google Dork: PHP Support Tickets v2.2 Date: 26.09.2010 Author: brainpillow Software Link: http://www.phpsupporttickets.com/ Version: 2.2 ==================================================================== Vuln...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

PHP-Charts 1.0 - PHP Code Execution Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

OpenSIS 'modname' - PHP Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 37 views

phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit

No description provided by source. ?php / ----------------------------------------------------------- phpFox = 3.0.1 ajax.php Remote Command Execution Exploit ----------------------------------------------------------- author.............: Egidio Romano aka EgiX mail...............:...

6.6 AI score
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 44 views

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1064-1)

Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update bnc777588 - MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards - MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/ CVE-2012-3959...

10 CVSS, 8.5 AI score, 0.05074 EPSS
Exploits 3, References 31
Tenable Nessus
added 2014/06/13 12:0 a.m., 45 views

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. Following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...

10 CVSS, 9.2 AI score, 0.09158 EPSS
Exploits 3, References 13
NVD
added 2014/05/17 7:55 p.m., 7 views

CVE-2014-3453

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...

6.5 CVSS, 7.3 AI score, 0.0046 EPSS
Exploits 1, References 4
Prion
added 2014/05/17 7:55 p.m., 16 views

Design/Logic Flaw

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...

6.5 CVSS, 7.8 AI score, 0.0046 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2014/05/17 7:0 p.m., 13 views

CVE-2014-3453

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...

7.3 AI score, 0.0046 EPSS
Exploits 1, References 4
CVE
added 2014/05/17 7:0 p.m., 47 views

CVE-2014-3453

CVE-2014-3453 affects the Drupal Flag module (flag import) where the eval injection occurs in flag_import_form_validate inside includes/flag.export.inc for Drupal 7.x-3.0, 7.x-3.5 and earlier. This enables remote code execution via the Flag import code text area (admin/structure/flags/import) for...

6.5 CVSS, 7.5 AI score, 0.0046 EPSS
Exploits 1, References 4, Affected Software 1
Gentoo Linux
added 2014/03/20 12:0 a.m., 30 views

GNU Emacs: Multiple vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory CVE-2012-0035. When...

9.3 CVSS, 8.2 AI score, 0.0403 EPSS
Exploits 0
0day.today
added 2014/02/02 12:0 a.m., 21 views

Joomla JomSocial 2.6 Code Execution Exploit

Joomla JomSocial component version 2.6 remote PHP code execution exploit. !/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla!...

7.8 AI score
Exploits 0
Packet Storm
added 2014/01/31 12:0 a.m., 30 views

Joomla JomSocial 2.6 Code Execution

!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be able to execute PHP code, both the...

0.3 AI score
Exploits 0
Prion
added 2013/12/12 6:55 p.m., 11 views

Design/Logic Flaw

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."...

10 CVSS, 8.2 AI score, 0.83489 EPSS
Exploits 5, References 6, Affected Software 1
Cvelist
added 2013/12/12 6:0 p.m., 14 views

CVE-2013-2751

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."...

7.7 AI score, 0.83489 EPSS
Exploits 5, References 6
CVE
added 2013/12/12 6:0 p.m., 140 views

CVE-2013-2751

The CVE-2013-2751 entry concerns NETGEAR ReadyNAS RAIDiator (FrontView) via np_handler.pl. A Perl eval() usage flaw in frontview/lib/np_handler.pl allows remote code execution through crafted requests (notably related to the forgot password workflow), enabling unauthenticated RC across affected v...

10 CVSS, 7.9 AI score, 0.83489 EPSS
Exploits 5, References 6, Affected Software 1