
376 matches found

Tenable Nessus
added 2017/12/19 12:0 a.m. | 110 views

WP Symposium Plugin Arbitrary File Upload

The WP Symposium Plugin for WordPress running on the remote web server is affected by a remote file upload vulnerability. A remote, unauthenticated attacker can exploit this vulnerability, via a specially crafted request, allowing an attacker to execute arbitrary code on the target web...

CVSS 7.5 | AI score 5.8 | EPSS 0.78455
Exploits: 1 | References: 3

Fedora
added 2017/12/10 5:10 a.m. | 10 views

[SECURITY] Fedora 27 Update: mrbs-1.7.0-1.fc27

The Meeting Room Booking System MRBS is a PHP-based application for booking meeting rooms...

AI score 2.1
Exploits: 0

Fedora
added 2017/12/09 10:28 p.m. | 12 views

[SECURITY] Fedora 26 Update: mrbs-1.7.0-1.fc26

The Meeting Room Booking System MRBS is a PHP-based application for booking meeting rooms...

AI score 2.1
Exploits: 0

Tenable Nessus
added 2017/10/23 12:0 a.m. | 165 views

IBM OpenAdmin Tool welcomeService.php Remote Code Execution

The version of OpenAdmin Tool installed on the remote host is affected by a remote code execution vulnerability. The welcomeService.php file offers a SOAP interface, which does not validate code passed to the 'saveHomePage' method, allowing a remote attacker to save arbitrary code into...

CVSS 10 | AI score 9.4 | EPSS 0.77481
Exploits: 12 | References: 3

Debian
added 2016/12/31 2:24 p.m. | 151 views

[SECURITY] [DLA 770-1] libphp-phpmailer security update

Package: libphp-phpmailer; Version: 5.1-1.2; CVE ID: CVE-2016-10033; Debian Bug: 849365. Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for...

CVSS 9.8 | AI score 10 | EPSS 0.94418
Exploits: 59

ripstech
added 2016/12/24 11:27 a.m. | 18 views

What we learned from our Advent Calendar

Vulnerability Types: In this year's Advent of PHP Application Vulnerabilities (APAV), we examined 36 critical security issues which were detected in 19 different PHP applications by our code analysis solution RIPS. We presented a multitude of critical security issues found in widely-used open-source...

AI score 7.4
Exploits: 0

Gentoo Linux
added 2016/12/07 12:0 a.m. | 38 views

PECL HTTP: Remote execution of arbitrary code

Background: This HTTP extension aims to provide a convenient and powerful set of functionality for one of PHP's major applications. Description: A buffer overflow can be triggered in the URL parsing functions of the PECL HTTP extension. This allows overflowing a buffer with data originating from an...

CVSS 9.8 | AI score 3.1 | EPSS 0.04743
Exploits: 1

0day.today
added 2016/11/23 12:0 a.m. | 73 views

ScriptCase 8.1.053 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...

AI score 7.1
Exploits: 0

Hacker One
added 2016/08/10 12:45 p.m. | 24 views

X (Formerly Twitter): reverb.twitter.com redirects to vulnerable reverb.guru

Hi! http://reverb.twitter.com redirects requests to http://reverb.guru which hosts a vulnerable PHP application. I managed to get RCE there which allows to modify the contents of this site, so that reverb.twitter.com will redirect to a phishing page or force a malicious file download. I was able ...

AI score 7.6
Exploits: 0

Tenable Nessus
added 2016/08/02 12:0 a.m. | 63 views

Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)

A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacke...

CVSS 9.8 | AI score 7.5 | EPSS 0.83504
Exploits: 11 | References: 11

myhack58
added 2016/04/13 12:0 a.m. | 19 views

PHP Utility Belt remote code execution vulnerability verification and analysis-vulnerability warning-the black bar safety net

PHP Utility Belt is a set of tools for PHP application developers. It can be used to test regular expressions and observe what the preg_match and preg_match_all functions match and what the preg_replace function returns; contains two words, two numbers with a capital letter and...

AI score 1.5
Exploits: 0

Tenable Nessus
added 2015/10/07 12:0 a.m. | 36 views

PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM)


CVSS 10 | AI score 6.6 | EPSS 0.39693
Exploits: 2 | References: 7

OpenVAS
added 2015/09/19 12:0 a.m. | 33 views

F5 BIG-IP - SOAP parser vulnerability CVE-2013-1824

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

CVSS 4.3 | AI score 8.5 | EPSS 0.02064
Exploits: 1 | References: 1

OpenVAS
added 2015/09/08 12:0 a.m. | 34 views

Amazon Linux: Security Advisory (ALAS-2014-314)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 7 | EPSS 0.30772
Exploits: 3 | References: 2

OpenVAS
added 2015/09/08 12:0 a.m. | 40 views

Amazon Linux: Security Advisory (ALAS-2014-453)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 8.2 | EPSS 0.08075
Exploits: 0 | References: 2

0day.today
added 2015/06/20 12:0 a.m. | 18 views

ApPHP Hotel Site 3.x.x SQL Injection Vulnerability

ApPHP Hotel Site version 3.x.x suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data. ApPHP Hotel site SQLi Vulnerability ApPHP Hotel Site is an Hotel application programs using PHP Language. title : ApPHP Hotel Site v.3.x.x. godork : ".php?pid=" "ApP...

AI score 8.1
Exploits: 0

Exploit DB
added 2015/03/31 12:0 a.m. | 28 views

WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection

Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com Software Link:...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2015/03/09 12:0 a.m. | 30 views

MyBB < 1.6.15 Video MyCode XSS

According to its version number, the MyBB application hosted on the remote web server is prior to 1.6.15. It is, therefore, potentially affected by a cross-site scripting vulnerability in video MyCode due to improper validation of user-supplied input. A remote attacker can exploit this to execute...

CVSS 4.3 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 2

0day.today
added 2015/02/26 12:0 a.m. | 20 views

WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection Vulnerability

Exploit for php platform in category web applications . Exploit Title: WordPress: Webdorado Spider Event Calendar = 1.4.9 SQL Injection Date: 2015-02-12 Exploit Author: Mateusz Lach Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com Software Link:...

AI score 7.1
Exploits: 0

exploitpack
added 2015/02/13 12:0 a.m. | 9 views

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection . Exploit Title: WordPress: Webdorado Spider Event Calendar = 1.4.9 SQL Injection Date: 2015-02-12 Exploit Author: Mateusz Lach Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com Software Link:...

AI score 0.3
Exploits: 0