8840 matches found

CNVD
added 2017/02/06 12:0 a.m. · 1 views

Serendipity include/functions_entries.inc.php SQL Injection Vulnerability

Serendipity is a web application. Serendipity include/functions_entries.inc.php suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

8.8 CVSS · 9 AI score · 0.01605 EPSS
Exploits 0 · References 1

Prion
added 2017/01/28 6:59 p.m. · 9 views

SQL injection

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter...

6.5 CVSS · 8.8 AI score · 0.01605 EPSS
Exploits 0 · References 3 · Affected Software 1

phpMyAdmin
added 2017/01/24 12:0 a.m. · 35 views

DOS vulnerability in table editing

Announcement-ID: PMASA-2017-3. Date: 2017-01-24. Summary: DOS vulnerability in table editing. Description: It was possible to trigger a recursive include operation by crafted parameters when editing table data. Severity: We consider this to be non critical. Mitigation factor: Do not click on...

7.5 CVSS · 7 AI score · 0.01825 EPSS
Exploits 0 · Affected Software 1

0day.today
added 2017/01/23 12:0 a.m. · 33 views

Chromebackdoor graniet v3.0 web panel Multi Vulnerability

Exploit for php platform in category web applications. Exploit Title: botnet graniet chrome backdoor v3.0 web panel multi vulnerability. Date: 10-1-2017. Exploit Author: alqnas eslam. Vendor Homepage: fb.com/alqnas4. Software Link: https://github.com/graniet/chromebackdoor. Tested on: any os. 1- cross site...

7.1 AI score
Exploits 0

OSV
added 2017/01/18 5:59 p.m. · 2 views

DEBIAN-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

8.8 CVSS · 8.6 AI score · 0.13649 EPSS
Exploits 7 · References 1

UbuntuCve
added 2017/01/18 5:59 p.m. · 25 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

8.8 CVSS · 7.5 AI score · 0.13649 EPSS
Exploits 7 · References 2

Prion
added 2017/01/18 5:59 p.m. · 7 views

Deserialization of untrusted data

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

6.5 CVSS · 8.5 AI score · 0.13649 EPSS
Exploits 7 · References 8 · Affected Software 1

OSV
added 2017/01/18 5:59 p.m. · 2 views

UBUNTU-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

8.8 CVSS · 7.6 AI score · 0.13649 EPSS
Exploits 7 · References 3

Cvelist
added 2017/01/18 5:0 p.m. · 28 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

8.6 AI score · 0.13649 EPSS
Exploits 7 · References 8

Prion
added 2016/12/30 7:59 a.m. · 14 views

Code injection

include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...

7.5 CVSS · 7.4 AI score · 0.02883 EPSS
Exploits 0 · References 3 · Affected Software 1

Hacker One
added 2016/12/21 3:14 a.m. · 18 views

U.S. Dept Of Defense: Server-side include injection vulnerability in a DoD website

A Department of Defense website was vulnerable to a Server-Side Include Injection attack which could have allowed an attacker to inject code into HTML pages or, under some circumstances, perform remote code execution. @jutsuce was able to demonstrate this vulnerability by crafting a specially...

2 AI score
Exploits 0

Snyk
added 2016/12/01 6:44 p.m. · 3 views

Remote Code Execution (RCE)

Overview: ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...

8.1 CVSS · 7.7 AI score
Exploits 0 · References 2

exploitpack
added 2016/11/22 12:0 a.m. · 31 views

EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution

EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...

0.1 AI score
Exploits 0

RedhatCVE
added 2016/11/04 11:17 a.m. · 24 views

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

5.5 CVSS · 4.9 AI score · 0.00417 EPSS
Exploits 0 · References 1

Check Point Advisories
added 2016/10/09 12:0 a.m. · 3 views

Railo Remote File Include (CVE-2014-5468)

This module exploits a remote file include vulnerability in Railo. A vulnerability in thumbnail.cfm allows an attacker to download an arbitrary PNG file, and by taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the...

6.8 CVSS · 5.7 AI score · 0.5172 EPSS
Exploits 6

CNVD
added 2016/09/23 12:0 a.m. · 3 views

Multiple vulnerabilities in ePhone Disk

ePhone Disk is a lightweight file manager to download, organize, deliver, and read files offline. ePhone Disk suffers from File Include, Local Command and Path Injection, and Remote Denial of Service vulnerabilities. These allow remote attackers to compromise web applications or mobile devices with...

6.8 AI score
Exploits 0 · References 1

CNVD
added 2016/09/23 12:0 a.m. · 3 views

Multiple Vulnerabilities in iStArtApp FileXChange

FileXChange is a handy file manager for iPhone, iPod Touch and iPad. iStArtApp FileXChange suffers from file include, arbitrary file upload, local command, and path injection vulnerabilities. These allow remote attackers to compromise a web application or mobile device with unauthorized requests...

7.6 AI score
Exploits 0 · References 1

seebug.org
added 2016/09/14 12:0 a.m. · 162 views

Atlassian Confluence arbitrary file include Vulnerability (CVE-2015-8399)

Affected component: Atlassian Confluence. Atlassian Confluence versions earlier than 5.8.17 contain arbitrary file read and directory traversal vulnerabilities: /spaces/viewdefaultdecorator.action?decoratorName=. lists the current directory /spaces/viewdefaultdecorator...

4 CVSS · 5.4 AI score · 0.61114 EPSS
Exploits 5

seebug.org
added 2016/08/25 12:0 a.m. · 32 views

WordPress Mail Masta Plugin 1.0 - local file inclusion

This file contains a vulnerability that allows an attacker to include a file, usually using a “dynamic file include” mechanism in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Source file: /inc/campaign/countofsend.php Line 4:...

6.6 AI score
Exploits 0

Positive Technologies
added 2016/07/25 12:0 a.m. · 6 views

PT-2016-3420 · Perl +2

Name of the Vulnerable Software and Affected Versions: Perl versions prior to 5.22.3-RC2; Perl versions 5.24 prior to 5.24.1-RC2. Description: The issue is related to errors in privilege management in the Perl interpreter, specifically with the handling of the included directory array "@INC". This...

10 CVSS · 7.6 AI score · 0.97485 EPSS
Exploits 16 · References 131