CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...
CVE-2014-5324
N-Media file uploader plugin for WordPress is vulnerable prior to version 3.4. An unrestricted file upload allows remote authenticated users with Author privileges to store a file and execute arbitrary PHP code on the server. Impact is arbitrary code execution with partial confidentiality/integri...
Glype Proxy 1.4.9 Cross Site Request Forgery
Glype proxy privacy settings can be disabled via CSRF. Securify, September 2014...
SkaDate Lite 2.0 - Remote Code Execution Exploit
No description provided by source. #!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform...
Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution
The hungred-post-thumbnail WordPress plugin was affected by a hpt_file_upload.php File Upload PHP Code Execution security vulnerability...
Sexy Add Template 1.0 - PHP Code Execution CSRF
The sexy-add-template WordPress plugin was affected by a PHP Code Execution CSRF security vulnerability...
Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution
The Annonces WordPress plugin was affected by an admin/theme.php File Upload PHP Code Execution security vulnerability...
RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution
The rbxgallery WordPress plugin was affected by an uploader.php File Upload PHP Code Execution security vulnerability...
Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution
The Top Quark Architecture WordPress plugin was affected by a lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution security vulnerability...
SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution
The sfbrowser WordPress plugin was affected by a connectors/php/sfbrowser.php File Upload PHP Code Execution security vulnerability...
WordPress iTheme2 Theme - File Upload Arbitrary Code Execution
A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress iTheme2 theme. Solution Update the theme...
SkaDate Lite 2.0 Remote Code Execution
#!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform that makes it easy to start online...
SkaDate Lite 2.0 - Remote Code Execution
SkaDate Lite 2.0 - Remote Code Execution #!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new...
CMSimple - Default Administrator Credentials
source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...
CMSimple 4.4.4 - Remote File Inclusion
CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...
CMSimple 4.4.4 - Remote File Inclusion
source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...
CVE-2014-4725
CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...
Omeka 2.2.1 - Remote Code Execution
Omeka 2.2.1 - Remote Code Execution #!/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...
Server: Local file inclusion in core
Due to improper control of the filename for a require_once statement in the routing component, a limited local file inclusion vulnerability exists in all ownCloud versions mentioned below. Depending on the ownCloud configuration and the authentication state of a remote attacker this...
BoltWire 4.10 Arbitrary File Upload Vulnerability
Exploit for the PHP platform in the web applications category. A vulnerability in BoltWire can be exploited to execute arbitrary PHP code on the target system and gain complete control over the vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...