
7221 matches found

OSV
added 2016/06/07 2:6 p.m., 5 views

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

CVSS 7.8, AI score 8
Exploits 0, References 5
UbuntuCve
added 2016/06/07 2:6 p.m., 34 views

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

CVSS 7.8, AI score 7.4, EPSS 0.00384
Exploits 0, References 2
Prion
added 2016/06/07 2:6 p.m., 18 views

Code injection

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

CVSS 7.2, AI score 7.5, EPSS 0.00384
Exploits 0, References 5, Affected Software 10
Cvelist
added 2016/06/07 2:0 p.m., 48 views

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

AI score 8, EPSS 0.00384
Exploits 0, References 5
OpenVAS
added 2016/06/07 12:0 a.m., 22 views

Centreon 'POST' Parameter File Upload Vulnerability

Centreon is prone to file upload vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:centreon:centreon"; ifdescription...

AI score 7.3
Exploits 0, References 2
Packet Storm
added 2016/05/27 12:0 a.m., 62 views

WordPress Ninja Forms Unauthenticated File Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...

CVSS 7.5, AI score 0.3, EPSS 0.61612
Exploits 4
exploitpack
added 2016/05/26 12:0 a.m., 15 views

Real Estate Portal 4.1 - Multiple Vulnerabilities

Real Estate Portal 4.1 - Multiple Vulnerabilities Real Estate Portal v4.1 Remote Code Execution Vulnerability Vendor: NetArt Media Product web page: http://www.netartmedia.net Affected version: 4.1 Summary: Real Estate Portal is a software written in PHP, allowing you to launch powerful and...

AI score 0.4
Exploits 0
Exploit DB
added 2016/05/23 12:0 a.m., 37 views

WordPress Plugin Job Script by Scubez - Remote Code Execution

!C:/Python27/python.exe -u JobScript Remote Code Execution Exploit Vendor: Jobscript Product web page: http://www.jobscript.in Affected version: Unknown Summary: JobScript is inbuilt structured website was developed in PHP and MySQL database. It's a complete job script for those who wants to star...

AI score 7.4
Exploits 0
Exploit DB
added 2016/05/04 12:0 a.m., 42 views

WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...

CVSS 9.8, AI score 7.4, EPSS 0.61612
Exploits 4
Debian
added 2016/05/03 3:37 p.m., 18 views

[SECURITY] [DLA 452-1] smarty3 security update

Package : smarty3 Version : 3.1.10-2+deb7u1 CVE ID : CVE-2014-8350 Debian Bug : 765920 Smarty3, a template engine for PHP, allowed remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. For Debi...

CVSS 7.5, AI score 7.4, EPSS 0.03127
Exploits 1
OSV
added 2016/05/03 12:0 a.m., 13 views

DLA-452-1 smarty3 - security update

Bulletin has no description...

CVSS 7.5, AI score 6, EPSS 0.03127
Exploits 1
Hacker One
added 2016/05/01 1:11 p.m., 28 views

Udemy: Showing Up Source Code

Hello Sir! I have just seen vulnerability in your website: https://blog.udemy.com in this website your website is showing the PHP code of a file named wordpress-importer.php link of this file is listed below: https://blog.udemy.com/wp-content/uploads/2010/09/wordpress-importer.php.txt I have also...

AI score 7
Exploits 0
CNVD
added 2016/04/22 12:0 a.m., 2 views

phpMyFAQ Cross-Site Request Forgery Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site request forgery vulnerability exists in phpMyFAQ. Due to the application failing to properly validate the 'Interface Translation' translation function of the originating HTTP request. An unauthenticated remote attacker c...

AI score 8
Exploits 0, References 1
Saint
added 2016/04/15 12:0 a.m., 52 views

vBulletin decodeArguments serialized object vulnerability

Added: 04/15/2016 CVE: CVE-2015-7808 Background vBulletin is PHP software for building community websites. Problem A vulnerability in vBulletin 5 Connect allows remote attackers to execute arbitrary PHP code by placing a specially crafted serialized object in the arguments parameter to the...

CVSS 7.5, AI score 7.3, EPSS 0.80635
Exploits 12
Saint
added 2016/04/15 12:0 a.m., 33 views

vBulletin decodeArguments serialized object vulnerability

Added: 04/15/2016 CVE: CVE-2015-7808 Background vBulletin is PHP software for building community websites. Problem A vulnerability in vBulletin 5 Connect allows remote attackers to execute arbitrary PHP code by placing a specially crafted serialized object in the arguments parameter to the...

CVSS 7.5, AI score 7.4, EPSS 0.80635
Exploits 12
FreeBSD
added 2016/04/11 12:0 a.m., 14 views

phpmyfaq -- cross-site request forgery vulnerability

The phpMyFAQ team reports: The vulnerability exists due to application does not properly verify origin of HTTP requests in "Interface Translation" functionality.: A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrator...

AI score 1.6
Exploits 0, References 2
OSV
added 2016/04/08 2:59 p.m., 5 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function...

CVSS 9.8, AI score 9.8
Exploits 0, References 3
UbuntuCve
added 2016/04/08 2:59 p.m., 20 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function...

CVSS 9.8, AI score 7.5, EPSS 0.01835
Exploits 0, References 2
Prion
added 2016/04/08 2:59 p.m., 12 views

Design/Logic Flaw

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

CVSS 7.5, AI score 8, EPSS 0.01835
Exploits 0, References 3, Affected Software 1
Prion
added 2016/04/08 2:59 p.m., 17 views

Design/Logic Flaw

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function...

CVSS 7.5, AI score 8.1, EPSS 0.01835
Exploits 0, References 3, Affected Software 2