725 matches found
CVE-2014-7260
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact: An arbitrary command may be execute...
PBBoard CMS SQL Injection Vulnerability
PBBoard CMS version 3.0.1 (updated on 13/09/2014) and below suffer from multiple remote SQL injection vulnerabilities. Vulnerability title: SQL Injection in PBBoard CMS. CVE: CVE-2014-9215. CMS: PBBoard. Vendor: Power bulletin board - http://www.pbboard.info/ Product:...
WordPress 3.9.2 /wp-includes/formatting.php Cross-Site Scripting Vulnerability
No description provided by source...
CVE-2014-5203
CVE-2014-5203 affects WordPress 3.9.x before 3.9.2, where the widget implementation in wp-includes/class-wp-customize-widgets.php can be triggered to execute arbitrary code via crafted serialized data. The NVD records show a high severity (base score 7.5) with network exploitability and no au...
Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS
The Delightful Downloads WordPress plugin was affected by an includes/functions.php User-Agent HTTP Header Stored XSS security vulnerability...
JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS
The js-multihotel WordPress plugin was affected by an includes/delete_img.php path Parameter Reflected XSS security vulnerability...
WordPress <= 3.3.2 - Cross-Site Scripting (XSS) in wp-includes/default-filters.php
...
WordPress 1.0-3.8.1 - Authenticated Admin Blind SQL Injection
Description The vulnerable line in question is line 230 of wp-includes/bookmark.php in WordPress 3.8.1...
Gnat-TGP <= 1.2.20 Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class GnatTGPRemoteFileIncludePOCBase: vulID = '67834' version = '1' vulDate = '2010-03-03' author = ' '...
Imatix Xitami 2.5 Server Side Includes Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplie...
WHMCS 4.x & 5.x - Multiple Web Vulnerabilities
No description provided by source. Exploit Title: WHMCS v4.x & v5.x - Multiple Web Vulnerabilities Date: 2013-12-10 Exploit Author: ahwak2000 Vendor Homepage: http://whmcs.com/ Version: 4.x , 5.x Tested on: win 7 Vulnerability File :...
Signkorn Guestbook <= 1.3 (dir_path) Remote File Include Vulnerability
No description provided by source. Signkorn Guestbook = v1.3 dir_path Remote File Inclusion Exploit Critica...
ASCET Interactive Huski CMS 'i' Parameter Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38126/info Huski CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the computer;...
blogplus 1.0 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. local file include; script: blog+ v1.0; download from: http://www.ziddu.com/download/3151643/blogplusv1.0final.zip.html ...
PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit
No description provided by source...
Drake CMS < 0.2.3 ALPHA rev.916 Remote File Inclusion Vulnerability
No description provided by source. Coding 4 Fun c4f.pl Drake CMS v0.2.2 ALPHA rev.846 http://drakecms.org ; Class = Remote File Inclusion ; Download = https://sourceforge.net/project/showfiles.php?groupid=166901&packageid=192077&releaseid=420102 ; Found by = GregStar gregstaratc4fdotpl ;...
Job Site 1.0 - Multiple Vulnerabilities
No description provided by source. Jobsite logo - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
WordPress 2.1.1 wp-includes/theme.php iz Variable Arbitrary Command Execution
No description provided by source...
Lanius CMS <= 0.5.2 - Remote Arbitrary File Upload Exploit
No description provided by source. ?php / Lanius CMS = 0.5.2 Remote Arbitrary File Upload Exploit author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.laniuscms.org/...