52 matches found
Piwik Open Flash Chart Remote Code Execution Vulnerability
No description provided by source. Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piw...
Open Flash Chart 2 Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient include...
VulnCheck KEV: CVE-2009-4140
Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users...
CVE-2013-1636
Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...
Cross site scripting
Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...
CVE-2013-1636
Cross-site scripting XSS vulnerability in open-flash-chart.swf in Open Flash Chart aka Open-Flash Chart, as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews comjnews component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers ...
CVE-2013-1636
CVE-2013-1636 is an XSS vulnerability in open-flash-chart.swf used by Open Flash Chart embedded in Pretty Link Lite (WordPress) before 1.6.3, JNews 8.0.1 for Joomla!, and CiviCRM 3.1.0–4.3.3. The underlying issue is an XSS flaw in the SWF component that allows remote injection of arbitrary script...
PT-2014-2484 · Unknown +3 · Open Flash Chart +3
Name of the Vulnerable Software and Affected Versions: Open Flash Chart versions prior to the version used in Pretty Link Lite 1.6.3 Pretty Link Lite plugin versions prior to 1.6.3 JNews com jnews component version 8.0.1 CiviCRM versions 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3 Description: A...
Open Flash Chart 2 Arbitrary File Upload Vulnerability
This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: http//metasploit.com/download Current source:...
Open Flash Chart 2 Arbitrary File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...
Open Flash Chart 2 - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...
Open Flash Chart v2 Arbitrary File Upload
This module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: https://metasploit.com/download Current source:...
Joomla Jnews 8.0.1 Cross Site Scripting Vulnerability
Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability. Exploit Title: Joomla comjnews Open Flash-Chart XSS Release Date: 14/05/2013 Author: Deepankar Arora And Rafay Baloch Blog: http://rafayhackingarticles.net Vendor: www.joobi.co Versions Affected:...
Joomla Jnews 8.0.1 Cross Site Scripting
Exploit Title: Joomla comjnews Open Flash-Chart XSS Release Date: 14/05/2013 Author: Deepankar Arora And Rafay Baloch Blog: http://rafayhackingarticles.net Vendor: www.joobi.co Versions Affected: 8.0.1latest and earlier Google Dork: inurl:comjnews Description: The vulnerability with Open-Flash...
Open Flash Chart - 'get-data' Cross-Site Scripting
source: https://www.securityfocus.com/bid/59928/info Open Flash Chart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
Open Flash Chart/Pwiki Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ========================================================== Open Flash Chart/Pwiki Remote Code Execution Vulnerability ========================================================== Author: GoLdeN-z3r0 Title: Open Flash Chart/Pwiki Remote Code...
Piwik 0.2.35 - 0.4.3 PHP Code Execution Vulnerability
Piwik is prone to PHP Code Execution vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwik:piwik"; ifdescription...
Piwik ofc_upload_image.php远程PHP代码执行漏洞
BUGTRAQ ID: 37314 CVECAN ID: CVE-2009-4140 Piwik是一款利用Php+MySQL技术构建的开源网页访问统计系统。 Piwik中使用了open-flash-chart模块执行制表操作,该模块没有正确的过滤提交给ofcuploadimage.php文件的name和HTTPRAWPOSTDATA参数便用于创建文件: ? $defaultpath = '../tmp-upload-images/'; if !fileexists$defaultpath mkdir$defaultpath, 0777, true; $destination =...
Unrestricted file upload
Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users to...