1986 matches found
CVE-2017-11585
CVE-2017-11585 affects dayrui FineCMS 5.0.9 with remote PHP code execution through the param parameter in an action=cache request to libraries/Template.php, described as Eval Injection. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the server. Exploitation and e...
GShark Framework - Check all your backdoors with only one telegram account
This framework can perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script. Check all your backdoors with only one telegram messenger account! Connect web backdoor to master server and control it with Telegram Download visual backdoor...
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
This module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage' method allowi...
CVE-2017-8402
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file...
OV3 Online Administration 3.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
Nippon Institute of Agroinformatics SOY CMS Directory Traversal Vulnerability
Nippon Institute of Agroinformatics SOY CMS is a web content management system CMS from Nippon Institute of Agroinformatics, Japan. The system supports the creation of websites, the development of software based on A/B testing, and the optimization of websites. A directory traversal vulnerability...
MODX CMS 2.x < 2.5.7 Multiple Vulnerabilities
MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; if description...
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting Vulnerability
A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a stored cross site scripti...
October CMS 1.0.412 - Multiple Vulnerabilities
October CMS 1.0.412 - Multiple Vulnerabilities October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticated user...
phpMyAdmin 4.6.x < 4.6.3 Multiple Vulnerabilities (PMASA-2016-17 - PMASA-2016-28)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.6.x prior to 4.6.3. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote attacker ...
October CMS 1.0.412 - Multiple Vulnerabilities
October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticated user with media or asset management permission CVE:...
CVE-2016-4862
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers...
CVE-2016-4862
The CVE-2016-4862 issue affects the Twigmo add-on shipped with CS-Cart v4.3.9 and earlier (and CS-Cart Multi-Vendor v4.3.9 and earlier). The vulnerability is a PHP object injection flaw caused by unserializing untrusted input in Twigmo, enabling a remote authenticated user to execute arbitrary PH...
October CMS 1.0.412 Code Execution / Shell Upload
October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticated user with media or asset management permission CVE:...
October CMS 1.0.412 Code Execution / Shell Upload Vulnerabilities
Exploit for php platform in category web applications October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticat...
CVE-2015-6567
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality...
Unrestricted file upload
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...
Unrestricted file upload
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality...
CVE-2015-6568
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...
CVE-2015-6568
Wolf CMS before 0.8.3.1 is vulnerable to an unrestricted file upload that allows changing a file’s extension to .php via admin/plugin/file_manager/browse/, enabling PHP code execution. Exploitation requires a registered user with upload access. The issue is addressed in Wolf CMS 0.8.3.1 (release ...