1986 matches found

CNVD
added 2015/12/16 12:0 a.m., 3 views

Zen Cart Arbitrary File Inclusion Vulnerability

Zen Cart is open source shopping cart software. An arbitrary file inclusion vulnerability exists in Zen Cart. Because the "/ajax.php" script does not filter directory traversal sequences in the "act" HTTP GET parameter, an attacker can exploit the vulnerability to execute arbitrary PHP code...

CVSS 10 | AI score 7.5 | EPSS 0.38492
Exploits 6 | References 1

seebug.org
added 2015/11/25 12:0 a.m., 12 views

Google AdWords API 'WSDLInterpreter/WSDLInterpreter.php' Arbitrary PHP Code Execution Vulnerability

No description provided by source...

AI score 7.1
Exploits 0

ATTACKERKB
added 2015/11/24 12:0 a.m., 21 views

vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection attack

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. Recent assessments: busterb ...

CVSS 7.5 | AI score 7.3 | EPSS 0.79043
Exploits 12 | References 7

OSV
added 2015/11/19 8:59 p.m., 1 view

DEBIAN-CVE-2015-7984

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd paramet...

CVSS 6.8 | AI score 8.7 | EPSS 0.0113
Exploits 5 | References 1

0day.today
added 2015/11/19 12:0 a.m., 48 views

Horde Groupware 5.2.10 Cross Site Request Forgery Vulnerability

Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability. Product: Horde Groupware; Vendor: http://www.horde.org; Vulnerable Versions: 5.2.10 and probably prior; Tested Version: 5.2.10; Advisory Publication: September 30, 2015 without technical details; Vendor Notificatio...

CVSS 6.8 | AI score 0.6 | EPSS 0.0113
Exploits 5

exploitpack
added 2015/11/19 12:0 a.m., 47 views

Horde Groupware 5.2.10 - Cross-Site Request Forgery

Horde Groupware 5.2.10 - Cross-Site Request Forgery. Advisory ID: HTB23272; Product: Horde Groupware; Vendor: http://www.horde.org; Vulnerable Versions: 5.2.10 and probably prior; Tested Version: 5.2.10; Advisory Publication: September 30, 2015 without technical details; Vendor Notification: September 3...

CVSS 6.8 | AI score 0.7 | EPSS 0.0113
Exploits 5

CNVD
added 2015/11/05 12:0 a.m., 8 views

vBulletin Remote Command Execution Vulnerability

vBulletin is an open source commercial web forum program jointly developed by Internet Brands and vBulletin Solutions, Inc. of the United States. A remote command execution vulnerability exists in vBulletin versions 5.1.4 to 5.1.9, which allows an attacker to execute PHP code using the decodeArguments...

CVSS 7.5 | AI score 9.9 | EPSS 0.79043
Exploits 12 | References 1

securityvulns
added 2015/10/26 12:0 a.m., 89 views

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20151022-0. title: Multiple critical vulnerabilities; product: Lime Survey; vulnerable version: 2.05 up to 2.06+ Build 151014; fixed version: 2.06+ Build 151016; CVE number: impact:...

AI score 0.7
Exploits 0

exploitpack
added 2015/10/22 12:0 a.m., 41 views

The World Browser 3.0 Final - Remote Code Execution

The World Browser 3.0 Final - Remote Code Execution. Author: Ehsan Noreddini; E-Mail: [email protected]; Social: @prot3ct0r; Title: The World Browser Remote Code Execution. TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...

AI score 8.1
Exploits 0

Cvelist
added 2015/10/16 1:0 a.m., 11 views

CVE-2015-5660

Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...

AI score 7.3 | EPSS 0.00126
Exploits 0 | References 3

Exploit DB
added 2015/10/11 12:0 a.m., 31 views

Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution

Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution/t...

AI score 7.4
Exploits 0

exploitpack
added 2015/10/11 12:0 a.m., 15 views

Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) Arbitrary File Upload PHP Code Execution

Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension Arbitrary File Upload PHP Code Execution Dream CMS 2...

AI score 0.4
Exploits 0

Japan Vulnerability Notes
added 2015/10/07 5:48 a.m., 1 view

Multiple PHP code execution vulnerabilities in Cybozu Garoon

Overview: Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646...

CVSS 8.5 | AI score 8 | EPSS 0.00728
Exploits 0 | References 10

Japan Vulnerability Notes
added 2015/10/07 12:0 a.m., 27 views

JVN#21025396: Multiple PHP code execution vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646 CyVDB-86...

CVSS 8.5 | AI score 7.1 | EPSS 0.00728
Exploits 0

OwnCloud
added 2015/09/30 6:53 p.m., 43 views

Command injection when using external SMB storage - ownCloud

The legacy external SMB storage of ownCloud (the one not using php-libsmbclient) did not properly neutralize all special elements, which allows an adversary to execute arbitrary SMB commands. Effectively, this allows an attacker to gain access to any file on the system or overwrite it, potentially leading ...

CVSS 9 | AI score 7.3 | EPSS 0.00913
Exploits 0 | Affected Software 1

OwnCloud
added 2015/09/30 4:53 p.m., 48 views

Server: Command injection when using external SMB storage

The legacy external SMB storage of ownCloud (the one not using php-libsmbclient) did not properly neutralize all special elements, which allows an adversary to execute arbitrary SMB commands. Effectively, this allows an attacker to gain access to any file on the system or overwrite it, potentially leading ...

CVSS 9 | AI score 7.2 | EPSS 0.00913
Exploits 0 | Affected Software 1

Japan Vulnerability Notes
added 2015/09/30 6:4 a.m., 2 views

MATCHA INVOICE vulnerable to code injection

Overview: MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with...

CVSS 6.8 | AI score 7.7 | EPSS 0.00602
Exploits 0 | References 5

Japan Vulnerability Notes
added 2015/09/30 12:0 a.m., 26 views

JVN#66984217: MATCHA INVOICE vulnerable to code injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Impact: An unauthenticated attacker who can execute the installer may execute...

CVSS 6.8 | AI score 7.4 | EPSS 0.00602
Exploits 0

Tenable Nessus
added 2015/09/25 12:0 a.m., 28 views

Symantec Web Gateway Database < 5.0.0.1277 Multiple Vulnerabilities (SYM15-009) (credentialed check)

According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway with a database component prior to version 5.0.0.1277. It is, therefore, affected by multiple vulnerabilities: - A flaw exists that allows the bypassing of access redirect...

CVSS 8.5 | AI score 6.1 | EPSS 0.07658
Exploits 0 | References 9

Prion
added 2015/09/16 2:59 p.m., 10 views

Input validation

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension...

CVSS 6.5 | AI score 7.9 | EPSS 0.00808
Exploits 1 | References 4 | Affected Software 1