23 matches found
CS-Cart 4.3.10 Unauthenticated XXE Injection
Software : CS-Cart From vendor site CS-Cart is an impressive platform for users to any level of eCommerce experience. With loads of features at a great price, CS-Cart is a great shopping cart solution that will quickly enable your online store to do business. XXE I : Twimgo addon...
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
LeaseWeb: PHP and Web Server version disclosed on leasewebnoc.com
HI Version disclosure is happening on leasewebnoc.com GET /en/contact HTTP/1.1 Host: leasewebnoc.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:44.0 Gecko/20100101 Firefox/44.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...
Oxwall-1.7.0
Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a...
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...
Oxwall 1.7.0 - Remote Code Execution
Oxwall 1.7.0 - Remote Code Execution !/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
No description provided by source. PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web applications...
phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability
No description provided by source. phlyLabs phlyMail Lite 4.03.04 go param Open Redirect Vulnerability Vendor: phlyLabs Product web page: http://www.phlymail.com Affected version: Lite 4.03.04 Summary: phlyMail offers you an interface in the browser to have access to your emails, contacts,...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability
No description provided by source. ?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything you nee...
Qool CMS 2.0 RC2 Cross Site Scripting
Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities input type="hidden" name="lib" value="default"...
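Piwigo Arbitrary File Disclosure and Arbitrary File Deletion Vulnerabilities
BUGTRAQ ID: 58016 Piwigo is a photo gallery script written in PHP. Piwigo 2.4.6 and other versions do not properly validate the value of the 'dl' parameter of the install.php script, a security flaw in the implementation that attackers can exploit to view arbitrary files on the affected computer and delete arbitrary files within the context of the affected application. 0 Piwigo Piwigo 2.4.6 Vendor patch: Piwigo ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://piwigo.org/bugs/view.php?id=2843...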
Piwigo 2.4.6 - '/install.php' Arbitrary File Read/Delete
Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of...
Piwigo 2.4.6 - install.php Arbitrary File ReadDelete
Piwigo 2.4.6 - install.php Arbitrary File ReadDelete Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful...
phlyLabs phlyMail Lite 4.03.04 XSS / Path Disclosure
phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities input type="hidden" name="M...
phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability
Summary phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmarks from anywhere, where you have internet access. This can be your home, workplace, train station, abroad, offroad, in the woods or your own backyard. Description...
Axis Commerce 0.8.7.2 Cross Site Scripting Vulnerability
Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities. Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities alert'XSS';", "base":"TESTSTRING",...
Axis Commerce 0.8.7.2 Cross Site Scripting
Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities alert'XSS';", "base":"TESTSTRING", "secure":"TESTSTRING2", "rootcategory":"2"' / input type="hidden" name="a...
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
Exploit for php platform in category web applications PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developi...
PRADO PHP Framework 3.2.0 - Arbitrary File Read
PRADO PHP Framework 3.2.0 - Arbitrary File Read PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web...
ViArt Shop Enterprise 4.1 Arbitrary Command Executio
?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line...