7221 matches found
Updated mhonarc packages fix security vulnerability
MHonArc before 2.6.19 is vulnerable to PHP code injection via commentized subjects. This update fixes it...
Nippon Institute of Agroinformatics SOY CMS Directory Traversal Vulnerability
Nippon Institute of Agroinformatics SOY CMS is a web content management system (CMS) from Nippon Institute of Agroinformatics, Japan. The system supports the creation of websites, the development of software based on A/B testing, and the optimization of websites. A directory traversal vulnerability...
PlaySms 1.4 Remote Code Execution
Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php Date: 14-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/...
HDWiki has a file write vulnerability that can yield a shell
HDWiki is an open source interactive Chinese wiki system developed by Interactive Online Beijing Technology Co., Ltd. under its own intellectual property rights. The background management interface of HDWiki 6.0 has an arbitrary file read-write vulnerability; attackers can exploit the...
MODX CMS 2.x < 2.5.7 Multiple Vulnerabilities
MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; if description...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors...
CVE-2016-4876
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors...
CVE-2016-4876
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors...
CVE-2016-4876
CVE-2016-4876 is a CSRF vulnerability affecting baserCMS up to version 3.0.10 (and related plugins). An attacker could exploit a logged-in administrator session to cause arbitrary PHP code execution on the server via unspecified vectors, effectively hijacking admin actions. Impact ranges include ...
CVE-2016-4876
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors...
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug...
Design/Logic Flaw
DISPUTED: CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."...
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug...
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug...
JVN#51819749: SOY CMS vulnerable to directory traversal
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System (CMS). SOY CMS contains a directory traversal vulnerability (CWE-22) due to a flaw in processing the shopid parameter. Impact: An authenticated attacker may execute arbitrary PHP code on the server. Solution: Updat...
BanManager WebUI PHP Code Injection Vulnerability
BanManager is a SQL-based disablement management system. A PHP code injection vulnerability exists in BanManager WebUI version 1.5.8. The vulnerability can be exploited to execute arbitrary code because the 'setting.php' page does not validate the input parameters when doing an update operation...
BanManager WebUI 1.5.8 - PHP Code Injection Vulnerability
Exploit for php platform in category web applications BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI Software Link:...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
Moodle Remote Code Execution (CVE-2017-2641)
A remote code execution vulnerability exists in Moodle. The vulnerability is due to object injection through a legacy user preferences setting. A remote attacker can exploit this vulnerability to execute PHP code on the vulnerable Moodle server...