7223 matches found
CVE-2017-1000148
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...
CVE-2017-1000148
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...
CVE-2017-1000148
Mahara is affected in 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. The vulnerability arises when Mahara imports an XML skin, as portions of the XML are passed to PHP unserialize(), enabling PHP code execution. The issue is documented across multiple sources (e.g., NVD/CNV...
CVE-2017-1000148
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize" function when importing a skin from an XML file...
WordPress WP Mobile Detector 3.5 Shell Upload Exploit
WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script contains a remote file include for files not already cached by the system. By uploading a...
CVE-2017-15935
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...
CVE-2017-15935
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...
CVE-2017-15935
CVE-2017-15935 affects Artica Pandora FMS 7.0. The issue is a remote PHP code execution vulnerability in the manager files function, exploitable only by administrators who upload a PHP file. According to the NVD entry, the CVSS-3 base score is 7.2 (HIGH) with NETWORK attack vector, low attack com...
WordPress: UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure
Hello, While testing Your Security I Observed that the Security Report Reported to You After Validation arranged for fix or you can say that a public repository created for the code powering the site at https://code.trac.wordpress.org/changeset/ID that Leaks Following Things 1.UnResolved Bugs 2.P...
CometChat Local File Inclusion
Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...
CometChat < 6.2.0 BETA 1 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 In versions of CometChat before version...
Kaltura 13.1.0 Remote Code Execution
!/usr/bin/env python Kaltura = 13.1.0 RCE CVE-2017-14143 https://telekomsecurity.github.io/2017/09/kaltura-rce.html $ python kalturarce.py "https://example.com" 0xxxxxxxx "system'id'" host: https://example.com entryid: 0xxxxxxxx code: system'id' + sending request.. uid=1003wwwrun gid=50004www...
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...
Arbitrary Code Execution
October is vulnerable to arbitrary code execution. A malicious user with media management permission or asset management permission can upload a malicious file to the application, resulting in arbitrary PHP code being executed when the file is deserialized...
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...
Unrestricted file upload
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution via the file upload functionality, potentially allowing site compromise and server-wide impact. The vulnerability is documented across multiple sources (NVD entry CVE-2017-1000119; GitHub/OSV/OSVDB advisories; Metasploit module and exploit...
Remote Code Execution (RCE)
genix/cms is vulnerable to remote code execution (RCE) attacks. A malicious user can upload a module zip file containing arbitrary PHP code that executes arbitrary commands when extracted by the application...