
7223 matches found

CVE
added 2018/03/14 4:0 p.m. | 41 views

CVE-2018-5781

Mitel Connect ONSITE (R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier) contain a PHP code injection vulnerability in the conferencing component. An unauthenticated attacker can send specially crafted requests to the vendrecording.php page to inject and execute arbitrary PHP code withi...

CVSS 10 | AI score 9.6 | EPSS 0.01763
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2018/03/14 4:0 p.m. | 21 views

CVE-2018-5781

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

AI score 9.7 | EPSS 0.01763
Exploits 0 | References 1

Cvelist
added 2018/03/14 4:0 p.m. | 22 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

AI score 9.7 | EPSS 0.01763
Exploits 0 | References 1

Cvelist
added 2018/03/14 4:0 p.m. | 22 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

AI score 9.8 | EPSS 0.19715
Exploits 4 | References 3

exploitpack
added 2018/03/02 12:0 a.m. | 41 views

TestLink Open Source Test Management 1.9.16 - Remote Code Execution

TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...

CVSS 6 | AI score 7.9 | EPSS 0.06365
Exploits 9

0day.today
added 2018/03/02 12:0 a.m. | 72 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Vulnerability

Exploit for php platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-addre...

AI score 7.5 | EPSS 0.06365
Exploits 9

Prion
added 2018/02/26 5:29 p.m. | 19 views

Remote code execution

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure...

CVSS 8.5 | AI score 7.9 | EPSS 0.13252
Exploits 5 | References 3 | Affected Software 1

Cvelist
added 2018/02/26 5:0 p.m. | 27 views

CVE-2018-7448

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure...

AI score 7.8 | EPSS 0.13252
Exploits 5 | References 3

0day.today
added 2018/02/26 12:0 a.m. | 52 views

CMS Made Simple 2.1.6 Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...

EPSS 0.13252
Exploits 5

Mageia
added 2018/02/06 3:35 p.m. | 28 views

Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch or display functions on custom resources that do not sanitize the template name (CVE-2017-1000480)...

CVSS 9.8 | AI score 1.4 | EPSS 0.03124
Exploits 0 | References 1

Prion
added 2018/01/31 6:29 p.m. | 18 views

Code injection

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

CVSS 9.3 | AI score 7.9 | EPSS 0.10683
Exploits 5 | References 4 | Affected Software 1

NVD
added 2018/01/31 6:29 p.m. | 24 views

CVE-2014-1632

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

CVSS 9.3 | AI score 8.4 | EPSS 0.10683
Exploits 5 | References 4

Cvelist
added 2018/01/31 6:0 p.m. | 24 views

CVE-2014-1632

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

AI score 8.4 | EPSS 0.10683
Exploits 5 | References 4

Prion
added 2018/01/29 6:29 p.m. | 27 views

Design/Logic Flaw

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php and similar file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-180...

CVSS 6.5 | AI score 8.8 | EPSS 0.63926
Exploits 8 | References 3 | Affected Software 1

Prion
added 2018/01/23 7:29 p.m. | 10 views

Code injection

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

CVSS 10 | AI score 9.7 | EPSS 0.02525
Exploits 1 | References 1 | Affected Software 2

NVD
added 2018/01/23 7:29 p.m. | 15 views

CVE-2018-5749

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

CVSS 10 | AI score 9.7 | EPSS 0.02525
Exploits 1 | References 1

Cvelist
added 2018/01/23 7:0 p.m. | 15 views

CVE-2018-5749

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

AI score 9.7 | EPSS 0.02525
Exploits 1 | References 1

0day.today
added 2018/01/20 12:0 a.m. | 44 views

Mambo < 4.5.4 - SQL Injection Vulnerability

Exploit for php platform in category web applications Mambo SQL Injection Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.4 Website: http://www.mamboserver.com/ BID: 20366 OSVDB: 50002 Description: Mambo is a popular Open Source Content Management System released under the GNU...

Exploits 0

CNVD
added 2018/01/15 12:0 a.m. | 2 views

PHP Code Execution Vulnerability in JCCMS of Chengdu Torch Cheng Information Technology Co.

JCCMS is a website building system developed by Chengdu Torch Cheng Information Technology Co. JCCMS has a code execution vulnerability that can be exploited by attackers to execute arbitrary PHP code...

AI score 8.1
Exploits 0 | References 1

Packet Storm
added 2018/01/11 12:0 a.m. | 65 views

Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' class MetasploitModule 'Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload', 'Description' = %q This module exploits an...

CVSS 6.5 | AI score 8.6 | EPSS 0.51379
Exploits 7