295 matches found
Mandriva Linux Security Advisory : wordpress (MDVSA-2013:239)
Updated wordpress and php-phpmailer packages fix security vulnerabilities: wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations...
CVE-2013-4338
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations...
CVE-2013-5738
WordPress up to version 3.6.0 is affected by CVE-2013-5738 and CVE-2013-5739. The vulnerability stems from wp-includes/functions.php:get_allowed_mime_types, which does not require the unfiltered_html capability for .htm/.html uploads, potentially enabling remote authenticated users to trigger XSS via a ...
MaxForum v1.0.0 Local File Inclusion Vulnerability
Exploit for php platform in category web applications. MaxForum v1.0.0 Local File Inclusion. Author: ahwak2000. Mail: z.u5athotmaildotcom. Software link: http://www.max4dev.com/...
MaxForum 1.0.0 - Local File Inclusion
MaxForum v1.0.0 Local File Inclusion. Author: ahwak2000. Mail: z.u5athotmaildotcom. Software link: http://www.max4dev.com/. Tested versions: 1.0. Dork: Powered b...
WordPress <=3.4.1 registration-functions.php Absolute Path Disclosure Vulnerability
No description provided by source...
CVE-2012-3805
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absendername, (2) absenderemail, or (3) absendernachricht parameter to the content page; (4)...
phpldapadmin 1.2.1.1 lib-functions.php Code Execution Vulnerability
No description provided by source...
PhpTSMadmin 0.7.0 (functions.php) Remote Code Execution
Exploit for php platform in category web applications. PhpTSMadmin 0.7.0 functions.php Remote Code Execution. Web-App: PhpTSMadmin 0.7.0 Vendor:...
CVE-2011-5026
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information...
fims File Management System 1.2.1a - Multiple Vulnerabilities
fims File Management System 1.2.1a - Multiple Vulnerabilities Exploit Title: fims - File Management System execute"select from fimsuser where email='$email' and password=md5'$password'"; if $db-numrows$rs0 return true; else return false; Line 51 of index.php: if isset$REQUESTf...
WordPress Plugin Photo Album Plus 4.1.1 - SQL Injection
WordPress Plugin Photo Album Plus 4.1.1 - SQL Injection Exploit Title: WP Photo Album Plus 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0&wppa-cover=0&wppa-occur=1 wppa-album=1 AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0&wppa-cover=0&wppa-occur=1 e.g. wget...
CVE-2011-3371
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) formsent, (3) csrftoken, (4) reqconfirm, or (5) delete parameter to delete.php, the (6) id, (7) formsent, (8) csrftoken, (9) reqmessage,...
ZoneMinder 1.24.3 - Remote File Inclusion
Exploit Title: Zoneminder 1.24.3 Remote File Inclusion Vulnerability Date: 2011-07-22 Author: Iye iyedotcba-at-gmaildotcom Software Link: http://www.zoneminder.com/ Version: 1.24.3 Tested. 1.24.4 probably too, not tested Tested on: Ubuntu 10.04 You must be authenticated as a user in the Web App t...
S40 CMS 0.4.2b - Local File Inclusion
Security Advisory Details: 07/04/2001 Script S40 CMS 0.4.2 Beta Location http://s40.biz/?p=download Vulnerability Local File Inclusion Original Adv http://y-osirys.com/security/exploits/id27 Author Giovanni Buzzin, "Osirys" Site y-osirys.com Contact osirysatautisticidotorg...
openSite 0.2.2 Beta - Local File Inclusion
openSite 0.2.2 Beta - Local File Inclusion. opensite-v0.2.2-beta: Local File Include vuln. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download...
openSite 0.2.2 Beta Local File Inclusion
opensite-v0.2.2-beta: Local File Include vuln. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download xpl :...
CVE-2010-2545
Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...
Kayako eSupport (functions.php) v3.70.02 SQL Injection Vulnerability
Exploit for php platform in category web applications. Kayako eSupport functions.php v3.70.02 SQL Injection Vulnerability. Name: Kayako eSupport v3.70.02 SQL...