4 matches found
OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFapproot parameter to 1 tcuser.class.php, 2 absencecount.inc.php, 3 avatar.inc.php, 4 csvhandler.class.php, 5 functions.tcpro.php, 6...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in 1 cached.php3, 2 cron.php3, 3 discussion.php3, 4 filldisc.php3, 5 filler.php3, 6 fillform.php3, 7 go.php3, 8 hiercons.php3, 9...
APC ActionApps CMS 2.8.1 Remote File Include Vulnerabilities
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site:...