Lucene search
+L

52 matches found

seebug
seebug
added 2014/07/01 12:0 a.m.21 views

Piwik Open Flash Chart Remote Code Execution Vulnerability

No description provided by source. Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piw...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.23 views

Open Flash Chart 2 Arbitrary File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score
Exploits0
vulncheck_kev
vulncheck_kev
added 2014/05/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2009-4140

Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users...

7.5CVSS5.8AI score0.75838EPSS
Exploits8References1
nvd
nvd
added 2014/03/12 2:55 p.m.41 views

CVE-2013-1636

Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...

4.3CVSS5.7AI score0.06314EPSS
Exploits3References7
prion
prion
added 2014/03/12 2:55 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...

4.3CVSS6.1AI score0.06314EPSS
Exploits3References7Affected Software3
cvelist
cvelist
added 2014/03/12 2:0 p.m.43 views

CVE-2013-1636

Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...

5.7AI score0.06314EPSS
Exploits3References7
cve
cve
added 2014/03/12 2:0 p.m.65 views

CVE-2013-1636

CVE-2013-1636 is an XSS vulnerability in open-flash-chart.swf used by Open Flash Chart embedded in Pretty Link Lite (WordPress) before 1.6.3, JNews 8.0.1 for Joomla!, and CiviCRM 3.1.0–4.3.3. The underlying issue is an XSS flaw in the SWF component that allows remote injection of arbitrary script...

4.3CVSS5.8AI score0.06314EPSS
Exploits3References7Affected Software1
ptsecurity
ptsecurity
added 2014/03/12 12:0 a.m.8 views

PT-2014-2484 · Unknown +3 · Open Flash Chart +3

Name of the Vulnerable Software and Affected Versions: Open Flash Chart versions prior to the version used in Pretty Link Lite 1.6.3 Pretty Link Lite plugin versions prior to 1.6.3 JNews com jnews component version 8.0.1 CiviCRM versions 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3 Description: A...

4.3CVSS6AI score0.06314EPSS
Exploits3References11
zdt
zdt
added 2013/10/26 12:0 a.m.45 views

Open Flash Chart 2 Arbitrary File Upload Vulnerability

This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: http//metasploit.com/download Current source:...

7.5CVSS6.7AI score0.75838EPSS
Exploits8
packetstorm
packetstorm
added 2013/10/26 12:0 a.m.30 views

Open Flash Chart 2 Arbitrary File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...

7.5CVSS0.2AI score0.75838EPSS
Exploits8
exploitdb
exploitdb
added 2013/10/26 12:0 a.m.39 views

Open Flash Chart 2 - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...

7.4AI score
Exploits0
metasploit
metasploit
added 2013/10/24 12:16 p.m.21 views

Open Flash Chart v2 Arbitrary File Upload

This module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: https://metasploit.com/download Current source:...

7.3AI score
Exploits0
zdt
zdt
added 2013/05/15 12:0 a.m.24 views

Joomla Jnews 8.0.1 Cross Site Scripting Vulnerability

Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability. Exploit Title: Joomla comjnews Open Flash-Chart XSS Release Date: 14/05/2013 Author: Deepankar Arora And Rafay Baloch Blog: http://rafayhackingarticles.net Vendor: www.joobi.co Versions Affected:...

6.7AI score
Exploits0
packetstorm
packetstorm
added 2013/05/14 12:0 a.m.22 views

Joomla Jnews 8.0.1 Cross Site Scripting

Exploit Title: Joomla comjnews Open Flash-Chart XSS Release Date: 14/05/2013 Author: Deepankar Arora And Rafay Baloch Blog: http://rafayhackingarticles.net Vendor: www.joobi.co Versions Affected: 8.0.1latest and earlier Google Dork: inurl:comjnews Description: The vulnerability with Open-Flash...

Exploits0
exploitdb
exploitdb
added 2013/05/14 12:0 a.m.29 views

Open Flash Chart - 'get-data' Cross-Site Scripting

source: https://www.securityfocus.com/bid/59928/info Open Flash Chart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
nessus
nessus
added 2010/09/17 12:0 a.m.96 views

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

7.5CVSS5.9AI score0.75838EPSS
Exploits8References4
zdt
zdt
added 2010/02/19 12:0 a.m.30 views

Open Flash Chart/Pwiki Remote Code Execution Vulnerability

Exploit for unknown platform in category web applications ========================================================== Open Flash Chart/Pwiki Remote Code Execution Vulnerability ========================================================== Author: GoLdeN-z3r0 Title: Open Flash Chart/Pwiki Remote Code...

7.1AI score
Exploits0
openvas
openvas
added 2009/12/31 12:0 a.m.116 views

Piwik 0.2.35 - 0.4.3 PHP Code Execution Vulnerability

Piwik is prone to PHP Code Execution vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwik:piwik"; ifdescription...

7.5CVSS6.7AI score0.75838EPSS
Exploits8References4
seebug
seebug
added 2009/12/25 12:0 a.m.164 views

Piwik ofc_upload_image.php远程PHP代码执行漏洞

BUGTRAQ ID: 37314 CVECAN ID: CVE-2009-4140 Piwik是一款利用Php+MySQL技术构建的开源网页访问统计系统。 Piwik中使用了open-flash-chart模块执行制表操作,该模块没有正确的过滤提交给ofcuploadimage.php文件的name和HTTPRAWPOSTDATA参数便用于创建文件: ? $defaultpath = '../tmp-upload-images/'; if !fileexists$defaultpath mkdir$defaultpath, 0777, true; $destination =...

7.5CVSS6.5AI score0.75838EPSS
Exploits8
prion
prion
added 2009/12/22 10:30 p.m.19 views

Unrestricted file upload

Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users to...

7.5CVSS7.5AI score0.75838EPSS
Exploits8References16Affected Software2
Rows per page
Query Builder