7221 matches found
mt-phpincgi Arbitrary PHP Code Execution Vulnerability
mt-phpincgi is a script that runs Movable Type templates. An arbitrary PHP code execution vulnerability exists in mt-phpincgi, which allows remote attackers to submit a special request to execute arbitrary PHP code in the context of a web process...
CVE-2015-0935
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts...
CVE-2015-0935
Bomgar Remote Support prior to 15.1.1 is vulnerable to arbitrary PHP code execution via crafted serialized data that is deserialized by the application. The root cause is improper handling of untrusted serialized input (PHP unserialize) in the Bomgar portal, enabling an attacker to execute code i...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...
CVE-2012-4902
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...
CVE-2012-4902
CVE-2012-4902 concerns Template CMS 2.1.1 and earlier. The vulnerability is a CSRF flaw that lets an attacker trick an authenticated administrator into performing unauthorized actions, including adding a new administrator account and potentially triggering code execution through the admin interfa...
WebUI 1.5b6 PHP Code Injection
| Title : WebUI 1.5b6 PHP code injection Vulnerability | Author : indoushka | email : [email protected] | Dork : c2002-2010 Young Consulting | Tested on: Win 8.1 fr pro / 22:30 15/05/2015 | Bug : PHP code injection | Download : https://github.com/baram01/webui/...
WordPress Wp Image Zoom Plugin <= 1.0.3 - PHP Code Execution
This plugin is prone to a download.php file upload PHP code execution vulnerability. Solution: Update plugin...
Wordpress RevSlider File Upload and Execute Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress ThemePunch Revolution Slider (revslider) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution. Usage Info: msf > use exploit/unix/webapp/wp_revslider_upload_execute msf...
WordPress RevSlider File Upload and Execute Vulnerability
This module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Slider Revolution (RevSlider) plugin, versions 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download...
Bomgar Remote Support Portal deserializes untrusted data
Overview: Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation, allowing an attacker to potentially execute arbitrary PHP code. Description: CWE-502: Deserialization of Untrusted Data. Bomgar Remote Support version 14.3.1 and...
Debian DSA-3244-1 : owncloud - security update
Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. - CVE-2015-3011 Hugh Davenport discovered that the 'contacts' application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. Thi...
WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
Exploit for php platform in category web applications Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public...
CVE-2012-2930
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...
Open-Letters - Remote PHP Code Injection
Open-Letters - Remote PHP Code Injection / error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5); function http_send($host, $packet) { if (!($sock = fsockopen($host, 80))) die("\n- No response from $host:80\n"); fwrite($sock, $packet); return stream_get_contents($sock); } print "+ Author: TUNISIAN CYBER\n"...
WordPress N-Media Website Contact Form Plugin - Upload Vulnerability
This vulnerability allows an attacker to upload arbitrary PHP code and execute it. Solution: Update the plugin...
WordPress Work The Flow Plugin - Upload Vulnerability
This vulnerability allows an attacker to upload arbitrary PHP code and execute it. Solution: Update the plugin...
Magento Patched Remote Execution Hole in eCommerce Platform
A nasty remote code execution vulnerability was recently patched in eBay’s eCommerce platform Magento. The hole, disclosed Monday, could put upwards of 200,000 companies’ web stores, and their customers’ information, at risk of being compromised. If exploited, researchers claim the vulnerability...