1984 matches found

Drupal
added 2012/10/17 12:0 a.m., 649 views

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...

CVSS: 6.8, AI score: 7, EPSS: 0.55084
Exploits: 4, References: 18
myhack58
added 2012/09/30 12:0 a.m., 10 views

php execution vulnerability parsing-vulnerability warning-the black bar safety net

A code to perform the function In PHP you can execute the Code of the function. Such as eval , assert , the“and system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: ? php echo dir; ?& gt; The second file contains the code injection The file containing...

AI score: 0.1
Exploits: 0
CVE
added 2012/09/11 7:0 p.m., 33 views

CVE-2012-3572

The CVE-2012-3572 entry concerns OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, where uploaded documents are not properly verified. This allows remote authenticated users to execute arbitrary PHP code via a crafted document, indicating a remote code execution vulnerability in the docume...

CVSS: 6, AI score: 7.4, EPSS: 0.00429
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2012/09/05 11:0 p.m., 73 views

CVE-2012-3527

TYPO3 upstream advisory CVE-2012-3527 affects TYPO3 4.5.x (before 4.5.19), 4.6.x (before 4.6.12) and 4.7.x (before 4.7.4). The vulnerability allows remote authenticated backend users to unserialize arbitrary objects and potentially execute PHP code via an unspecified parameter due to a missing si...

CVSS: 4.6, AI score: 7.2, EPSS: 0.02065
Exploits: 0, References: 6, Affected Software: 1
Exploit DB
added 2012/07/13 12:0 a.m., 17 views

WordPress Plugin Generic - Arbitrary File Upload

source: https://www.securityfocus.com/bid/54440/info The Generic Plugin for WordPress is prone to an arbitrary-file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or...

AI score: 7.4
Exploits: 0
Prion
added 2012/07/12 8:55 p.m., 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the subtype parameter...

CVSS: 6.5, AI score: 7.5, EPSS: 0.00607
Exploits: 1, References: 5, Affected Software: 1
Exploit DB
added 2012/07/04 12:0 a.m., 51 views

Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution

?php / ----------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.3 "unserialize" PHP Code Execution ----------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software...

CVSS: 9.8, AI score: 9.6, EPSS: 0.77945
Exploits: 12
Tenable Nessus
added 2012/06/28 12:0 a.m., 27 views

Fedora 17 : gallery3-3.0.4-1.fc17 (2012-9705)

Gallery 3.0.4 was released with the following release notes : After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00334
Exploits: 0, References: 5
Tenable Nessus
added 2012/06/28 12:0 a.m., 25 views

Fedora 16 : gallery3-3.0.4-1.fc16 (2012-9666)

Gallery 3.0.4 was released with the following release notes : After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00334
Exploits: 0, References: 5
CVE
added 2012/06/27 9:0 p.m., 37 views

CVE-2012-3814

CVE-2012-3814 affects the Font Uploader WordPress plugin (version 1.2.4). The vulnerability is an unrestricted file upload in font-upload.php, enabling remote attackers to upload a PHP file with a .php.ttf extension and then access it under font-uploader/fonts, leading to arbitrary PHP code execu...

CVSS: 7.5, AI score: 7.9, EPSS: 0.06139
Exploits: 1, References: 3, Affected Software: 1
Tenable Nessus
added 2012/06/22 12:0 a.m., 39 views

GLSA-201206-09 : MediaWiki: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201206-09 MediaWiki: Multiple vulnerabilities Multiple vulnerabilities have been discovered in mediawiki. Please review the CVE identifiers referenced below for details. Impact : MediaWiki allows remote attackers to bypass...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00933
Exploits: 2, References: 15
Gentoo Linux
added 2012/06/21 12:0 a.m., 29 views

MediaWiki: Multiple vulnerabilities

Background The MediaWiki wiki web application as used on wikipedia.org. Description Multiple vulnerabilities have been discovered in mediawiki. Please review the CVE identifiers referenced below for details. Impact MediaWiki allows remote attackers to bypass authentication, to perform imports fro...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00933
Exploits: 2
OpenVAS
added 2012/06/20 12:0 a.m., 16 views

WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability

WordPress Nmedia Users File Uploader Plugin is prone to file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 7.3
Exploits: 0, References: 3
WPVulnDB
added 2012/06/01 12:0 a.m., 12 views

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. PoC The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

AI score: 0.7
Exploits: 0, References: 1, Affected Software: 1
wpexploit
added 2012/06/01 12:0 a.m., 10 views

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

AI score: 1.4
Exploits: 0, References: 1
NVD
added 2012/05/21 6:55 p.m., 10 views

CVE-2012-2902

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor JCE component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as...

CVSS: 6, AI score: 7.6, EPSS: 0.00561
Exploits: 0, References: 6
CVE
added 2012/05/21 6:0 p.m., 44 views

CVE-2012-2902

CVE-2012-2902 : Unrestricted file upload in Joomla! Content Editor (JCE) for Joomla! before 2.1. The flaw is in editor/extensions/browser/file.php where, if chunking is enabled (>0), an attacker can upload a PHP file with a double extension (e.g., .jpg.pht) to execute arbitrary code. Affected:...

CVSS: 6, AI score: 7.8, EPSS: 0.00561
Exploits: 0, References: 6, Affected Software: 1
myhack58
added 2012/05/08 12:0 a.m., 10 views

Wordpress-3-3-1 vulnerability documentation-bug warning-the black bar safety net

Most popular Wordpress recent new release of the 3. 3. 1 vulnerabilities, and now published about vulnerability details...... Quicl’sBlog've been looking at Wordpress vulnerability, and through the network to collect the first time for the majority of the Wordpress user with Wordpress...

AI score: 0.5
Exploits: 0
securityvulns
added 2012/05/01 12:0 a.m., 2060 views

mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS

Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...

AI score: 8.2
Exploits: 0
0day.today
added 2012/04/28 12:0 a.m., 61 views

MySQLDumper 1.24.4 Multiple Vulnerabilities

Exploit for php platform in category web applications. Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM:...

AI score: 7.1
Exploits: 0