1986 matches found

NVD
added 2017/10/27 8:29 p.m., 8 views

CVE-2017-15935

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...

CVSS 9, AI score 7.3, EPSS 0.00389
Exploits 0, References 1
CVE
added 2017/10/27 8:0 p.m., 41 views

CVE-2017-15935

CVE-2017-15935 affects Artica Pandora FMS 7.0. The issue is a remote PHP code execution vulnerability in the manager files function, exploitable only by administrators who upload a PHP file. According to the NVD entry, the CVSS-3 base score is 7.2 (HIGH) with NETWORK attack vector, low attack com...

CVSS 9, AI score 7.3, EPSS 0.00389
Exploits 0, References 1, Affected Software 1
Cvelist
added 2017/10/27 8:0 p.m., 12 views

CVE-2017-15935

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...

AI score 7.3, EPSS 0.00389
Exploits 0, References 1
Exploit DB
added 2017/10/22 12:0 a.m., 17 views

CometChat < 6.2.0 BETA 1 - Local File Inclusion

Exploit Title: CometChat; Vendor Homepage: https://cometchat.com/; Version: 6.2.0 BETA 1; Tested on: Ubuntu Linux 14.04. In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...

AI score 7.4
Exploits 0
NVD
added 2017/10/05 1:29 a.m., 10 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...

CVSS 7.2, AI score 7.3, EPSS 0.76231
Exploits 1, References 2
OSV
added 2017/10/05 1:29 a.m., 13 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...

CVSS 7.2, AI score 7.4
Exploits 0, References 2
Prion
added 2017/10/05 1:29 a.m., 14 views

Unrestricted file upload

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...

CVSS 6.5, AI score 7.3, EPSS 0.76231
Exploits 1, References 2, Affected Software 1
Cvelist
added 2017/10/04 1:0 a.m., 15 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...

AI score 7.3, EPSS 0.76231
Exploits 1, References 2
CVE
added 2017/10/04 1:0 a.m., 60 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution via the file upload functionality, potentially allowing site compromise and server-wide impact. The vulnerability is documented across multiple sources (NVD entry CVE-2017-1000119; GitHub/OSV/OSVDB advisories; Metasploit module and exploit...

CVSS 7.2, AI score 7.2, EPSS 0.76231
Exploits 1, References 2, Affected Software 1
Packet Storm
added 2017/09/23 12:0 a.m., 59 views

Kaltura 13.1.0 Code Execution / Cross Site Scripting

Telekom Security (security.telekom.com) Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting; Release Date: 2017/09/12; Author: Robin Verton; CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143; Application: Kaltura = 13.1.0; Risk: Critical; Vendor Status: Kaltura...

AI score 0.1, EPSS 0.77447
Exploits 14
Prion
added 2017/09/12 6:29 p.m., 13 views

Unrestricted file upload

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...

CVSS 7.5, AI score 9.7, EPSS 0.00902
Exploits 1, References 1, Affected Software 1
NVD
added 2017/09/12 6:29 p.m., 10 views

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...

CVSS 9.8, AI score 9.8, EPSS 0.00902
Exploits 1, References 1
Cvelist
added 2017/09/12 6:0 p.m., 13 views

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...

AI score 9.8, EPSS 0.00902
Exploits 1, References 1
CVE
added 2017/09/12 6:0 p.m., 50 views

CVE-2017-14346

CVE-2017-14346 affects the tianchoy/blog package. The vulnerability exists in upload.php and allows an attacker to upload arbitrary files and execute PHP code by abusing image content-types (image/jpeg, image/pjpeg, image/png, image/gif) for a .php file, enabling remote code execution. Affected v...

CVSS 9.8, AI score 9.6, EPSS 0.00902
Exploits 1, References 1, Affected Software 1
CVE
added 2017/08/28 8:0 p.m., 49 views

CVE-2017-10844

CVE-2017-10844 affects baserCMS 3.0.14 and earlier and 4.0.5 and earlier. The vulnerability allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Reported CVSS scores indicate high impact (CVSS3 base 8.8; CVSS2 base 6.5). Connected sources corroborate that the is...

CVSS 8.8, AI score 8.9, EPSS 0.00568
Exploits 0, References 2, Affected Software 1
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m., 163 views

JVN#78151490: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.

SQL injection CWE-89 - CVE-2017-10842

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 7.3
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5

...

CVSS 9.8, AI score 9.2, EPSS 0.0067
Exploits 0
Japan Vulnerability Notes
added 2017/08/23 12:0 a.m., 71 views

JVN#87410770: Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below.

OS command injection CWE-78 - CVE-2017-10832

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8
CVSS v2 | ...

CVSS 10, AI score 8.5, EPSS 0.05713
Exploits 0
0day.today
added 2017/08/22 12:0 a.m., 386 views

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage'...

CVSS 10, AI score 0.7, EPSS 0.77481
Exploits 12
OSV
added 2017/07/31 5:29 p.m., 1 views

CVE-2017-11760

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...

CVSS 8.8, AI score 6.1, EPSS 0.00636
Exploits 0, References 1
NVD
added 2017/07/31 5:29 p.m., 12 views

CVE-2017-11760

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...

CVSS 8.8, AI score 8.8, EPSS 0.00636
Exploits 0, References 1