9 matches found
EUVD-2001-1001
Malware in sbrugna...
CVE-2012-10033
Narcissus (backend.php) Image Configuration Command Injection is CVE-2012-10033. The flaw: release parameter is not sanitized before passing to configure_image(), which invokes PHP passthru() with the unsanitized input. This enables remote code execution via a crafted POST request under the web s...
LibreNMS Collectd Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string function, which permits backticks. These parameters are used as part...
PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution
No description provided by source. Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does not validate the synta...
Is-Human 1.4.2 WordPress Plugin Command Execution
Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php. It is possible to take control ...
WordPress Plugin Is-human 1.4.2 - Remote Command Execution
Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php. It is possible to take control ...
PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net
Code execution functions: in PHP, some functions can execute code, such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd and pcntl_exec, etc. Demo code 1.1: The second file contains the code injection The file containing the function in the specific...
RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
GroundZero Security Research and Software Development 2006 - Security Advisory regarding RechnungsZentrale v2. - SQL...
CVE-2001-1020
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function...