1984 matches found

Positive Technologies
added 2013/12/26 12:00 a.m., 1 view

PT-2014-87: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the index.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may result in sensiti...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 3

Positive Technologies
added 2013/12/26 12:00 a.m., 1 view

PT-2014-86: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 5.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may result in sensitive...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 3

Positive Technologies
added 2013/12/26 12:00 a.m., 2 views

PT-2014-84: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 2.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may result in sensitive...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 3

Positive Technologies
added 2013/12/26 12:00 a.m., 5 views

PT-2014-82: Multiple Local File Inclusion Vulnerabilities in ShopOS

The specialists of the Positive Research center have detected multiple Local File Inclusion vulnerabilities in ShopOS. Insufficient validation of user input in the \en\lang.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may resul...

CVSS 7.5, AI score 7.7
Exploits: 0, References: 3

NVD
added 2013/12/07 8:55 p.m., 12 views

CVE-2013-4446

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS 6.8, AI score 7.8, EPSS 0.01087
Exploits: 0, References: 8

Tenable Nessus
added 2013/11/25 12:00 a.m., 18 views

Fedora 18 : drupal6-context-3.3-1.fc18 (2013-21298)

CVE-2013-4445/CVE-2013-4446 Context, a Drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS 6.8, AI score 5.8, EPSS 0.01087
Exploits: 0, References: 3

Tenable Nessus
added 2013/11/25 12:00 a.m., 23 views

Fedora 20 : drupal6-context-3.3-1.fc20 (2013-21303)

CVE-2013-4445/CVE-2013-4446 Context, a Drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS 6.8, AI score 5.8, EPSS 0.01087
Exploits: 0, References: 3

Tenable Nessus
added 2013/11/25 12:00 a.m., 15 views

Fedora 19 : drupal6-context-3.3-1.fc19 (2013-21231)

CVE-2013-4445/CVE-2013-4446 Context, a Drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS 6.8, AI score 5.8, EPSS 0.01087
Exploits: 0, References: 3

Check Point Advisories
added 2013/11/03 12:00 a.m., 3 views

OpenX Ad Server Backdoor PHP Code Execution (CVE-2013-4211)

A Code Execution vulnerability has been reported in OpenX Ad Server. The vulnerability is due to the existence of a backdoor within the flowplayer-3.1.1.min.js library. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could...

CVSS 7.5, AI score 9.3, EPSS 0.8819
Exploits: 5

Cvelist
added 2013/11/02 7:00 p.m., 14 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

AI score 7.1, EPSS 0.49365
Exploits: 5, References: 2

Drupal
added 2013/10/16 3:39 p.m., 2 views

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

Context allows you to manage contextual conditions and reactions for different portions of your site. This advisory covers two separate issues. Arbitrary PHP Code Execution: The first, and more severe issue (Highly Critical status), is that the module allows execution of PHP code via manipulation of ...

AI score 6
Exploits: 0, References: 12

Patchstack
added 2013/10/03 12:00 a.m., 10 views

WordPress SEO Watcher Plugin - Arbitrary PHP Code Execution

SEO Watcher plugin's "ofcuploadimage.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution: Upgrade the plugin...

AI score 3.9
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2013/09/23 3:49 a.m., 19 views

Cross site request forgery (csrf)

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP...

CVSS 6.8, AI score 8.8, EPSS 0.63954
Exploits: 11, References: 5, Affected Software: 1

CVE
added 2013/09/23 1:00 a.m., 133 views

CVE-2013-5696

GLPI before 0.84.2 is affected by CVE-2013-5696 due to inc/central.class.php not disabling install.php after installation, enabling CSRF and, via Etape_4 and update_1 actions, potential SQL injection and arbitrary PHP code execution. The CVE is documented with root cause as improper access contro...

CVSS 6.8, AI score 8.1, EPSS 0.63954
Exploits: 11, References: 5, Affected Software: 1

ALT Linux
added 2013/09/20 12:00 a.m., 19 views

Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1

Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...

CVSS 6.8, AI score 7.8, EPSS 0.63954
Exploits: 11

ALT Linux
added 2013/09/20 12:00 a.m., 23 views

Security fix for the ALT Linux 10 package glpi version 0.84.2-alt1

Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...

CVSS 6.8, AI score 7.8, EPSS 0.63954
Exploits: 11

htbridge
added 2013/08/28 12:00 a.m., 42 views

Multiple Vulnerabilities in Gnew

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Gnew, which can be exploited to execute arbitrary PHP code and perform SQL injection attacks against the vulnerable application. 1) PHP File Inclusion in Gnew: CVE-2013-5639. Vulnerability exists due to insufficient validation...

CVSS 7.6, AI score 0.8, EPSS 0.04589
Exploits: 7, Affected Software: 1

Tenable Nessus
added 2013/08/15 12:00 a.m., 76 views

OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates.

CVSS 9.8, AI score 8.8, EPSS 0.8819
Exploits: 5, References: 2

Exploit DB
added 2013/06/11 12:00 a.m., 18 views

mkCMS - 'index.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...

AI score 7.4
Exploits: 0

exploitpack
added 2013/06/11 12:00 a.m., 16 views

mkCMS - index.php Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...

AI score 0.6
Exploits: 0