Lucene search

950 matches found

Prion
added 2015/05/20 7:59 p.m. | 11 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...

CVSS 6.8 | AI score 8.1 | EPSS 0.0046
Exploits: 5 | References: 4 | Affected Software: 1
CVE
added 2015/05/20 7:0 p.m. | 45 views

CVE-2012-4902

CVE-2012-4902 concerns Template CMS 2.1.1 and earlier. The vulnerability is a CSRF flaw that lets an attacker trick an authenticated administrator into performing unauthorized actions, including adding a new administrator account and potentially triggering code execution through the admin interfa...

CVSS 6.8 | AI score 7.8 | EPSS 0.0046
Exploits: 5 | References: 4 | Affected Software: 1
Cvelist
added 2015/05/20 7:0 p.m. | 15 views

CVE-2012-4902

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...

AI score 7.6 | EPSS 0.0046
Exploits: 5 | References: 4
Packet Storm
added 2015/05/16 12:0 a.m. | 34 views

WebUI 1.5b6 PHP Code Injection

| Title : WebUI 1.5b6 PHP code injection Vulnerability | Author : indoushka | email : [email protected] | Dork : c2002-2010 Young Consulting | Tested on: Win 8.1 fr pro / 22:30 15/05/2015 | Bug : PHP code injection | Download : https://github.com/baram01/webui/...

Exploits: 0
NVD
added 2015/04/24 2:59 p.m. | 13 views

CVE-2012-2930

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...

CVSS 6.8 | AI score 7.7 | EPSS 0.00178
Exploits: 1 | References: 3
Prion
added 2015/04/24 2:59 p.m. | 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...

CVSS 6.8 | AI score 8.2 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2015/04/24 2:0 p.m. | 19 views

CVE-2012-2930

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...

AI score 7.7 | EPSS 0.00178
Exploits: 1 | References: 3
exploitpack
added 2015/04/22 12:0 a.m. | 17 views

Open-Letters - Remote PHP Code Injection

Open-Letters - Remote PHP Code Injection / errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author: TUNISIAN CYBER\n"...

AI score 8.1
Exploits: 0
Packet Storm
added 2015/03/24 12:0 a.m. | 36 views

WordPress W3 Total Cache PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit3 'WordPress W3 Total Cache PHP Code Execution', 'Description' = %q This module exploits a PHP Code Injection vulnerability against WordPress plugin W3...

EPSS 0.81656
Exploits: 4
Metasploit
added 2015/03/23 7:15 a.m. | 31 views

WordPress W3 Total Cache PHP Code Execution

This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...

CVSS 9.8 | AI score 8.1 | EPSS 0.81656
Exploits: 4
Tenable Nessus
added 2015/01/08 12:0 a.m. | 44 views

Debian DSA-3120-1 : mantis - security update

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...

CVSS 7.5 | AI score 5.3 | EPSS 0.80388
Exploits: 16 | References: 23
0day.today
added 2015/01/01 12:0 a.m. | 150 views

Mantis Bug Tracker 1.2.17 PHP Code Injection Vulnerability

Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability. ----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote...

CVSS 7.5 | AI score 0.3 | EPSS 0.80388
Exploits: 8
Packet Storm
added 2014/12/31 12:0 a.m. | 57 views

Mantis Bug Tracker 1.2.17 PHP Code Injection

----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote $this-source-issuelink, '/' . '\d+\b/e'; 111. $replacement = '"\1" . $this-getReplacementString "\2", "\3"...

CVSS 7.5 | AI score 0.2 | EPSS 0.80388
Exploits: 8
Tenable Nessus
added 2014/12/15 12:0 a.m. | 44 views

Fedora 21 : mantis-1.2.17-4.fc21 (2014-15142)

fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 7.5 | AI score 5.6 | EPSS 0.80388
Exploits: 10 | References: 7
Tenable Nessus
added 2014/12/15 12:0 a.m. | 38 views

Fedora 20 : mantis-1.2.17-4.fc20 (2014-15108)

fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 7.5 | AI score 5.6 | EPSS 0.80388
Exploits: 10 | References: 7
Exploit DB
added 2014/11/18 12:0 a.m. | 44 views

Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth vulnerability...

CVSS 7.5 | AI score 7.4 | EPSS 0.80388
Exploits: 8
Kitploit
added 2014/11/10 1:28 p.m. | 13 views

Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications

WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher and with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-si...

AI score 8.4
Exploits: 0
Metasploit
added 2014/11/09 1:0 p.m. | 30 views

MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability

This module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute o...

CVSS 7.5 | AI score 0.1 | EPSS 0.80388
Exploits: 8
securityvulns
added 2014/10/16 12:0 a.m. | 37 views

Web Encryption Extension security update

Revision: 1.0 Last Updated: 25 July 2014 First Published: 25 July 2014 Summary: A security issue was found in the Web Encryption Extension. Authenticated users are able to modify the content of https request fields to insert code into the pipeline...

AI score 0.4
Exploits: 0
Prion
added 2014/08/07 11:13 a.m. | 18 views

Code injection

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...

CVSS 6.5 | AI score 7.3 | EPSS 0.02262
Exploits: 3 | References: 2 | Affected Software: 1