1985 matches found

securityvulns
added 2014/09/29 12:0 a.m. | 219 views

Glype proxy privacy settings can be disabled via CSRF

Glype proxy privacy settings can be disabled via CSRF. Securify, September 2014...

3.4 AI score
Exploits: 0

NVD
added 2014/09/26 9:55 p.m. | 13 views

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

7.5 CVSS | 7.5 AI score | 0.82212 EPSS
Exploits: 8 | References: 5

CVE
added 2014/09/26 10:0 a.m. | 42 views

CVE-2014-5324

N-Media file uploader plugin for WordPress is vulnerable prior to version 3.4. An unrestricted file upload allows remote authenticated users with Author privileges to store a file and execute arbitrary PHP code on the server. Impact is arbitrary code execution with partial confidentiality/integri...

6.5 CVSS | 7.4 AI score | 0.00459 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2014/09/22 12:0 a.m. | 59 views

Glype Proxy 1.4.9 Cross Site Request Forgery

Glype proxy privacy settings can be disabled via CSRF. Securify, September 2014...

0.8 AI score
Exploits: 0

seebug.org
added 2014/08/04 12:0 a.m. | 16 views

SkaDate Lite 2.0 - Remote Code Execution Exploit

No description provided by source. #!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform...

7.1 AI score
Exploits: 0

WPVulnDB
added 2014/08/01 10:59 a.m. | 15 views

Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution

The hungred-post-thumbnail WordPress plugin was affected by an hpt_file_upload.php File Upload PHP Code Execution security vulnerability...

1.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 7 views

Sexy Add Template 1.0 - PHP Code Execution CSRF

The sexy-add-template WordPress plugin was affected by a PHP Code Execution CSRF security vulnerability...

2.4 AI score
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 8 views

Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution

The Annonces WordPress plugin was affected by an admin/theme.php File Upload PHP Code Execution security vulnerability...

2.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 19 views

RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution

The rbxgallery WordPress plugin was affected by an uploader.php File Upload PHP Code Execution security vulnerability...

10 CVSS | 2.9 AI score | 0.23308 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 8 views

Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution

The Top Quark Architecture WordPress plugin was affected by a lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution security vulnerability...

2.5 AI score
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 6 views

SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution

The sfbrowser WordPress plugin was affected by a connectors/php/sfbrowser.php File Upload PHP Code Execution security vulnerability...

2.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m. | 5 views

WordPress iTheme2 Theme - File Upload Arbitrary Code Execution

A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress iTheme2 theme. Solution: Update the theme...

2.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2014/07/30 12:0 a.m. | 24 views

SkaDate Lite 2.0 Remote Code Execution

#!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform that makes it easy to start online...

0.3 AI score
Exploits: 0

exploitpack
added 2014/07/30 12:0 a.m. | 18 views

SkaDate Lite 2.0 - Remote Code Execution

SkaDate Lite 2.0 - Remote Code Execution #!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new...

0.3 AI score
Exploits: 0

Exploit DB
added 2014/07/28 12:0 a.m. | 41 views

CMSimple - Default Administrator Credentials

source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...

7.4 AI score
Exploits: 0

exploitpack
added 2014/07/28 12:0 a.m. | 24 views

CMSimple 4.4.4 - Remote File Inclusion

CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...

7.5 AI score
Exploits: 0

Exploit DB
added 2014/07/28 12:0 a.m. | 54 views

CMSimple 4.4.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...

7.4 AI score
Exploits: 0

CVE
added 2014/07/27 6:0 p.m. | 133 views

CVE-2014-4725

CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...

7.5 CVSS | 7.9 AI score | 0.81793 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

exploitpack
added 2014/07/24 12:0 a.m. | 29 views

Omeka 2.2.1 - Remote Code Execution

Omeka 2.2.1 - Remote Code Execution #!/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

0.2 AI score
Exploits: 0

OwnCloud
added 2014/07/15 8:10 p.m. | 44 views

Server: Local file inclusion in core

Due to improper control of the filename for a require_once statement in the routing component, a limited local file inclusion vulnerability exists in all ownCloud versions mentioned below. Depending on the ownCloud configuration and the authentication state of a remote attacker this...

6.8 CVSS | 7.3 AI score | 0.00588 EPSS
Exploits: 0 | Affected Software: 1