7221 matches found
Piwik 2.14.3 PHP Object Injection
----------------------------------------------------------------------- Piwik <= 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability ----------------------------------------------------------------------- - Software Link: https://piwik.org/ - Affected Versions: Version 2.14.3 and prior...
ATutor 2.2 PHP Code Injection
--------------------------------------------------------------- ATutor "name" 186. 187. $sort = '$grades'.$ordercol.', SORT'.strtoupper$order.', $selectedstudents ... 188. 189. foreach$selectedtests as $test 190. 191. if $test"gradebooktestid" $ordercol 192. $sort .= ',...
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
------------------------------------------------------------------------------- Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability ------------------------------------------------------------------------------- - Software Link: http://magento.com/ - Affected Versions:...
SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory 20151022-0 ======================================================================= title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2.05 up to 2.06+ Build 151014 fixed version: 2.06+ Build 151016 CVE number: impact:...
The World Browser 3.0 Final - Remote Code Execution Exploit
Exploit for php platform in category remote exploits #!/usr/bin/php <?php Author : Ehsan Noreddini E-Mail : [email protected] Social : @prot3ct0r Title : The World Browser Remote Code Execution TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...
The World Browser 3.0 Final - Remote Code Execution
#!/usr/bin/php <?php Author : Ehsan Noreddini E-Mail : [email protected] Social : @prot3ct0r Title : The World Browser Remote Code Execution TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...
CVE-2015-5660
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...
CVE-2015-5660
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...
CVE-2015-5660
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...
CVE-2015-5660
eXtplorer before 2.1.8 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to hijack the authentication of arbitrary users for requests that execute PHP code. The issue, CVE-2015-5660, is documented across multiple sources (NVD, CNVD, Debian DLA, OSV) and res...
JVN#92520335: eXtplorer vulnerable to cross-site request forgery
eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery (CWE-352) vulnerability. Impact: If a user views a malicious page while logged in, the user may be forced to implicitly perform unintended operations such as the execution of arbitrary PHP code...
Cybozu Garoon Code Injection Vulnerability
Cybozu Garoon is a portal-type office automation (OA) system from Cybozu of Japan. A code injection vulnerability exists in Cybozu Garoon. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
CVE-2015-5647
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866...
CVE-2015-5646
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867...
Code injection
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867...
CVE-2015-5646
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867...
CVE-2015-5647
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866...
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) Arbitrary File Upload PHP Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension Arbitrary File Upload PHP Code Execution Dream CMS 2...
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution...