7221 matches found
Piwigo < 2.8.5 RFI Vulnerability
Piwigo is prone to a remote file inclusion (RFI) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
OpenConf 5.30 - Multi-Step Remote Command Execution
RIPS Analysis An early prototype of RIPS detected the issues described in the following in roughly 24,000 lines of code. OpenConf suffered mainly from a few SQL injection vulnerabilities, as well as reflected and persistent cross-site scripting issues. In the following, we focus on the combinatio...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability -----------------------------------------------------------------------...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection
------------------------------------------------------------------------ Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Remco Vermeulen, July 2016...
Elysia Cron - Critical - Arbitrary PHP code execution - SA-CONTRIB-2016-062
This module enables you to manage cron jobs. The module allows users with the permission "Administer elysia cron" to execute arbitrary PHP code via cron. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer elysia cron". This permission is...
NodCMS edit_lang_file PHP Code Execution
An arbitrary PHP code execution vulnerability exists in NodCMS. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...
WordPress YITH WooCommerce Compare 2.0.9 PHP Object Injection
------------------------------------------------------------------------ YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2016...
NodCMS PHP Code Execution
!-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
NodCMS - PHP Code Execution
NodCMS - PHP Code Execution !-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept:...
NodCMS - PHP Code Execution
!-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
Paragon Initiative Enterprises: BAD Code !
Hi sir, My name is Ahmed Kohly and I'm the biggest hacker on EGYPT, I'm also who hacked ISIS pages with my friend Ahmed Samara we are so dangerous. so don't trust me Please . Anyway, I've found that your code here https://github.com/paragonie/airship/blob/master/tools/audithelper.php , is startin...
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution Exploit
Exploit for php platform in category web applications Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? 0day.today 2018-03-31...
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...
DLA-695-1 spip - security update
Bulletin has no description...
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...
WordPress Userpro Remote File Upload Exploit
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Ifileupload plugin. The vulnerability allows for unauthorized file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...
WordPress Userpro Remote File Upload
Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://userproplugin.com/ Google Dork : inurl:/wp-content/plugins/userpro/ Date : 10/20/2016 Tested on : Windows10/Linux This module requires Metasploit:...
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which puts importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence...