1985 matches found
DLA-695-1 spip - security update
Bulletin has no description...
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence...
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
Exploit for php platform in category web applications SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution
SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence...
JonhCMS 4.5.1 - SQL Injection
JonhCMS 4.5.1 - SQL Injection Exploit Title :----------------- : JonhCMS 4.5.1 - go.php?id - SQL Injection Author :------------------------ : Besim Google Dork :---------------- : - Date :-------------------------- : 14/10/2016 Type :-------------------------- : webapps Platform :...
Drupal RESTWS Module Remote PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTWS Module Remote PHP Code Execution', 'Description' = %q This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTW...
Automattic: [bbPress] Stored XSS in any forum post.
Intro: Encouraged by the success of cure53 and their reward, i start the research plugins in your scope. And almost immediately i found critical Stored XSS, which of course leeds to privelege escalation or PHP code execution. This vulnerability doesnt requres "special" preveleges like...
Several Critical Remotely Exploitable Flaws Found in Drupal Modules, patch ASAP!
The extraordinary 'Panama Papers leak' from Law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world's richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular content management systems: Drupal and WordPress. Now...
CVE-2015-5723
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...
Real Estate Portal 4.1 - Multiple Vulnerabilities
Real Estate Portal 4.1 - Multiple Vulnerabilities Real Estate Portal v4.1 Remote Code Execution Vulnerability Vendor: NetArt Media Product web page: http://www.netartmedia.net Affected version: 4.1 Summary: Real Estate Portal is a software written in PHP, allowing you to launch powerful and...
phpMyFAQ Cross-Site Request Forgery Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site request forgery vulnerability exists in phpMyFAQ. Due to the application failing to properly validate the 'Interface Translation' translation function of the originating HTTP request. An unauthenticated remote attacker c...
CVE-2016-3153
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...
Design/Logic Flaw
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...
iScripts EasyCreate 3.0 - Remote Code Execution
Exploit for php platform in category web applications !C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This...
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if strstr$record, $sym && strstr$record, "r-xp" $addr = hexdecexplode'-', $record0;...
iScripts EasyCreate 3.0 - Remote Code Execution
!C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by...
iScripts EasyCreate 3.0 Remote Code Execution Exploit
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
Zen Cart 1.5.4 Local File Inclusion
Advisory ID: HTB23282 Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26, 2015 Public Disclosure: December 16, 2015...
Zen Cart Arbitrary File Inclusion Vulnerability
Zen Cart is open source shopping cart software. An arbitrary file inclusion vulnerability exists in Zen Cart. Due to a lack of filtering in the "/ajax.php" script directory traversal sequence in the "act" HTTP GET parameter, an attacker can exploit the vulnerability to execute arbitrary PHP code...