1984 matches found
Max Forum - Multiple Vulnerabilities
Max Forum - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/60455/info Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly...
Max Forum - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/60455/info Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly sanitize user-supplied input. An attacke...
Parallels Plesk Remote Exploit(PHP Code Execution and therefore Command Execution)
No description provided by source. Parallels Plesk Remote Exploit -- PHP Code Execution and therefore Command Execution Affected and tested: Plesk 9.5.4 Plesk 9.3 Plesk 9.2 Plesk 9.0 Plesk 8.6 Discovered & Exploited by Kingcope / June 2013 Affected and tested OS: RedHat, CentOS, Fedora Affected a...
Ecshop后台getshell-2
简要描述: 非模板,非sql!!!!!!! 详细说明: 后台可以编辑语言项,并且语言项中有部分是双引号,所以可以通过 $phpinfo 这种格式直接执行php代码,getshell!!这里为了方便演示,使用phpinfo,实际情况可以换成一句话) 语言文件有双引号 后台可以编辑语言文件,插入特殊格式php代码。 此处编辑的是“gzip已禁用”这段文字,所以几乎所有页面都有php代码,首页都有了。 漏洞证明:...
Session fixation
functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the pregreplace function with the eval switch...
WordPress W3 Total Cache plugin <= 0.9.2.8 - PHP Code Execution vulnerability
W3 Total Cache plugin is prone to a PHP code execution vulnerability because of the handling of certain macros such as "mfunc" that allows arbitrary PHP code injection. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 0.9.2.9...
Sosci Survey - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP code-execution vulnerability Successful...
Sosci Survey - Multiple Vulnerabilities
Sosci Survey - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP...
CMSLogik 1.2.1 - Multiple Vulnerabilities
CMSLogik 1.2.1 - Multiple Vulnerabilities !/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter,...
CMSLogik 1.2.1 Shell Upload
!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...
EasyPHP - index.php Authentication Bypass Remote PHP Code Injection
EasyPHP - index.php Authentication Bypass Remote PHP Code Injection source: https://www.securityfocus.com/bid/58945/info EasyPHP is prone to an authentication bypass and a PHP code execution vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected application...
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote PHP Code...
CVE-2013-0224
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...
ImpressPages cm_group Parameter Remote PHP Code Execution
The ImpressPages install hosted on the remote web server contains a flaw that allows arbitrary PHP code execution. Input passed to the 'cmgroup' parameter is not properly sanitized before being used in a PHP eval function call. An unauthenticated, remote attacker can leverage this vulnerability t...
php-Charts url.php Remote PHP Code Execution
The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...
PHP-Charts - Arbitrary PHP Code Execution
PHP-Charts - Arbitrary PHP Code Execution =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debian squeeze...
TYPO3 T3 jQuery Extension任意PHP代码执行漏洞
BUGTRAQ ID: 57280 Typo3是开源内容管理系统(CMS)和内容管理框架(CMF)。 TYPO3 T3 jQuery 2.2.0及之前版本对用户控制的输入使用了 "unserialize",可被利用执行任意PHP代码。 0 TYPO3 T3 jQuery extension = 2.2.0 厂商补丁: TYPO3 ----- TYPO3已经为此发布了一个安全公告(typo3-ext-sa-2013-001)以及相应补丁: typo3-ext-sa-2013-001:TYPO3-EXT-SA-2013-001: Several vulnerabilities in thir...
Fedora 18 : drupal6-6.27-1.fc18 / drupal7-7.18-1.fc18 (2012-20746)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...
Elastix < 2.4 PHP Code Injection Vulnerability
Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Fedora 17 : drupal6-6.27-1.fc17 / drupal7-7.18-1.fc17 (2012-20766)
Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...