1984 matches found
TYPO3 Color Picker Wizard Remote PHP Code Execution Vulnerability
TYPO3 is prone to a PHP code execution vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...
websvn <= 2.0 (xss/fh/ce) Multiple Vulnerabilities
No description provided by source. WebSVN <= 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN <= 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...
OpenX banner-edit.php File Upload PHP Code Execution
No description provided by source. $Id: openxbanneredit.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
wordpress <= 3.3.1 - Multiple Vulnerabilities
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version...
PAJAX Remote Command Execution
No description provided by source. $Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Invision Power Board <= 3.3.4 unserialize Regex Bypass
No description provided by source. ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...
STUNSHELL Web Shell Remote PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Coppermine Photo Gallery 1.0 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker...
Meganoide's News 1.1.1 Include.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of...
Barcode Generator 2.0 'LSTable.php' Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31419/info Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
Simploo CMS 1.7.1 PHP Code Execution
No description provided by source. Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discover...
FlatNuke 2.5.x - referer.php Crafted Referer Arbitrary PHP Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical...
SPIP 1.8.3 Spip_login.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remot...
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress <= 2.8.5 Unrestricted...
Artmedic Newsletter 4.1 Log.PHP Remote Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to creat...
HiveMail 1.2.2/1.3 folders.update.php folderid Variable Arbitrary PHP Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...
@lex Guestbook <= 4.0.2 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...
vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include REXML include...
GenesisTrader 1.0 form.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple information-disclosure...
AzDGVote 0 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...