Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
Meta Tags File Footer File...
CVE-2017-14146
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory...
CVE-2014-8677
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and...
Cross site request forgery (csrf)
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
CVE-2017-14048
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
CVE-2017-14050
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file...
BlackCat CMS Arbitrary PHP Code Injection Vulnerability (CNVD-2017-24887)
BlackCat CMS is a PHP5, HTML5 content management system. BlackCat CMS suffers from an arbitrary PHP code injection vulnerability that allows remote authenticated users to inject arbitrary PHP code into info.php via the newmodulename parameter of specially crafted backend/addons/ajaxcreate.php...
CVE-2017-10844
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors...
CVE-2017-10844
CVE-2017-10844 affects baserCMS 3.0.14 and earlier and 4.0.5 and earlier. The vulnerability allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. Reported CVSS scores indicate high impact (CVSS3 base 8.8; CVSS2 base 6.5). Connected sources corroborate that the is...
JVN#78151490: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
SQL injection (CWE-89) - CVE-2017-10842

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 7.3
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5

...
JVN#87410770: Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below.
OS command injection (CWE-78) - CVE-2017-10832

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8
CVSS v2 | ...
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit
This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage'...
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution', 'Description' = %q This module exploits an unauthenticated remote PHP code execution...
VehicleWorkshop Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
VehicleWorkshop - Arbitrary File Upload
VehicleWorkshop - Arbitrary File Upload Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 ===================...
VehicleWorkshop - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7...
VehicleWorkshop - Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...