7 matches found
Moodle 2.x/3.x - SQL Injection Exploit
Exploit for php platform in category web applications Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: email protected Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8,...
Critical Moodle Vulnerability Could Lead to Server Compromise
A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server its running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the...
Magento Unauthenticated Arbitrary File Write
arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // // If you didn't provide whereToWrite, it will execute...
Debian Security Advisory DSA 3332-1 (wordpress - security update)
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect yo...
Debian DSA-3183-1 : movabletype-opensource - security update
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
MediaWiki 1.22.1 PdfHandler Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to params /extensions/PdfHandler/PdfHandlerbody.php --...
MediaWiki 1.22.1 PdfHandler - Remote Code Execution
MediaWiki 1.22.1 PdfHandler - Remote Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to...