7221 matches found
Design/Logic Flaw
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...
CVE-2014-8350
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...
Code injection
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using th...
CVE-2014-2988
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using th...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an...
Drupal 7.31 CORE pre Auth SQL Injection Vulnerability
Exploit for php platform in category web applications. Advisory: Drupal - pre-auth SQL Injection Vulnerability. Release Date: 2014/10/15. Last Modified: 2014/10/15. Author: Stefan Horst. Application: Drupal >= 7.0 <= 7.31. Severity: Full SQL injection, which results in total control and code execution of...
Web Encryption Extension security update
Revision: 1.0. Last Updated: 25 July 2014. First Published: 25 July 2014. Summary: A security issue was found in the Web Encryption Extension. Authenticated users are able to modify the content of https request fields to insert code into the pipeline...
TeamPass < 2.1.20 Multiple Vulnerabilities
TeamPass is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teampass:teampass"; ifdescription...
Croogo 2.0.0 Arbitrary PHP Code Execution
!/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...
Croogo 2.0.0 Arbitrary PHP Code Execution Exploit
Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded...
Wordpress InfusionSoft Plugin Upload Vulnerability
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...
Wordpress InfusionSoft Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...
Glype 1.4.9 - Cookie Injection Path Traversal LFI
No description provided by source. Glype proxy cookie jar path traversal allows code execution. Securify, September 2014...
Glype proxy privacy settings can be disabled via CSRF
Glype proxy privacy settings can be disabled via CSRF. Securify, September 2014...
Glype proxy cookie jar path traversal allows code execution
Glype proxy cookie jar path traversal allows code execution. Securify, September 2014...
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...
Code injection
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...
CVE-2014-5324
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file...