Unrestricted file upload
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file...
CVE-2014-5324
N-Media file uploader plugin for WordPress is vulnerable prior to version 3.4. An unrestricted file upload allows remote authenticated users with Author privileges to store a file and execute arbitrary PHP code on the server. Impact is arbitrary code execution with partial confidentiality/integri...
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
Glype proxy cookie jar path traversal allows code execution. Securify, September...
Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass
A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filter bypass...
Glype Proxy 1.4.9 Cross Site Request Forgery
Glype proxy privacy settings can be disabled via CSRF. Securify, September 2014...
ALCASAR 2.8 Remote Root Code Execution Vulnerability
No description provided by source. ALCASAR <= 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
ALCASAR 2.8 Remote Root Code Execution Exploit
Alcasar versions 2.8 and below remote root command execution exploit. ALCASAR <= 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as Apache user. ALCASAR <= 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
Alcasar 2.8 Remote Root Command Execution
ALCASAR <= 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...
Web Servers Joomla Remote File Inclusion
Joomla component is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This...
ownCloud Local File Inclusion Vulnerability -01 (Aug 2014)
ownCloud is prone to a local file inclusion vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:owncloud:owncloud"; if...
HybridAuth - 'install.php' PHP Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This module exploits a PHP code execution vulnerability in HybridAuth...
WordPress N-Media file uploader Plugin <= 3.3 - Unrestricted File Upload
Because of this vulnerability, authenticated users can execute arbitrary PHP code by leveraging Author privileges to store a file. Solution: Update the plugin...
CVE-2014-5194
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...
Code injection
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...
SkaDate Lite 2.0 - Remote Code Execution Exploit
No description provided by source. SkaDate Lite 2.0 Remote Code Execution Exploit. Vendor: Skalfa LLC. Product web page: http://lite.skadate.com | http://www.skalfa.com. Affected version: 2.0 build 7651. Platform version: 1.7.0 build 7906. Summary: SkaDate Lite is a new platform...
Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution
The hungred-post-thumbnail WordPress plugin was affected by a hpt_file_upload.php File Upload PHP Code Execution security vulnerability...
Sexy Add Template 1.0 - PHP Code Execution CSRF
The sexy-add-template WordPress plugin was affected by a PHP Code Execution CSRF security vulnerability...
Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution
The Annonces WordPress plugin was affected by an admin/theme.php File Upload PHP Code Execution security vulnerability...
RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution
The rbxgallery WordPress plugin was affected by an uploader.php File Upload PHP Code Execution security vulnerability...