7221 matches found

WPVulnDB
added 2014/08/01 10:58 a.m., 6 views

SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution

The sfbrowser WordPress plugin was affected by a connectors/php/sfbrowser.php File Upload PHP Code Execution security vulnerability...

AI score: 2.6
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2014/08/01 10:58 a.m., 8 views

Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution

The Top Quark Architecture WordPress plugin was affected by a lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution security vulnerability...

AI score: 2.5
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2014/08/01 12:0 a.m., 13 views

WordPress Dagda Theme - Shell Upload Vulnerability

This theme is prone to a shell upload vulnerability. It allows an attacker to execute arbitrary PHP code. Solution Update the theme...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
0day.today
added 2014/08/01 12:0 a.m., 24 views

Sphider 1.3.6 - Multiple Vulnerabilities

Exploit for php platform in category web applications Description: The web application is vulnerable to SQLi. Once a website has been indexed with Sphider, an attacker can inject SQL under Sites - Browser pages- filter option. Proof of Concept: Response: POST: /admin/admin.php...

AI score: 7.1
Exploits: 0
Patchstack
added 2014/08/01 12:0 a.m., 5 views

WordPress iTheme2 Theme - File Upload Arbitrary Code Execution

A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress iTheme2 theme. Solution Update the theme...

AI score: 2.4
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2014/08/01 12:0 a.m., 10 views

WordPress <= 2.8.5 - Unrestricted File Upload Arbitrary PHP Code Execution

...

AI score: 3
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2014/07/30 12:0 a.m., 25 views

SkaDate Lite 2.0 Remote Code Execution

!/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform that makes it easy to start online...

AI score: 0.3
Exploits: 0
exploitpack
added 2014/07/30 12:0 a.m., 19 views

SkaDate Lite 2.0 - Remote Code Execution

SkaDate Lite 2.0 - Remote Code Execution !/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new...

AI score: 0.3
Exploits: 0
Zero Science Lab
added 2014/07/30 12:0 a.m., 24 views

SkaDate Lite 2.0 Remote Code Execution Exploit

Summary SkaDate Lite is a new platform that makes it easy to start online dating business in just a few easy steps. No programming or design knowledge is required. Install the solution, pick a template, and start driving traffic to your new online dating site. Description SkaDate Lite suffers fro...

AI score: 6.2
Exploits: 0
exploitpack
added 2014/07/28 12:0 a.m., 17 views

CMSimple 4.4.4 - color Remote Code Execution

CMSimple 4.4.4 - color Remote Code Execution source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...

AI score: 0.3
Exploits: 0
exploitpack
added 2014/07/28 12:0 a.m., 26 views

CMSimple 4.4.4 - Remote File Inclusion

CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...

AI score: 7.5
Exploits: 0
Exploit DB
added 2014/07/28 12:0 a.m., 41 views

CMSimple - Default Administrator Credentials

source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...

AI score: 7.4
Exploits: 0
Exploit DB
added 2014/07/28 12:0 a.m., 56 views

CMSimple 4.4.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...

AI score: 7.4
Exploits: 0
Zero Science Lab
added 2014/07/28 12:0 a.m., 64 views

Oxwall 1.7.0 Remote Code Execution Exploit

Summary Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Description Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thr...

AI score: 6.2
Exploits: 0
Prion
added 2014/07/27 6:55 p.m., 11 views

Authentication flaw

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

CVSS: 7.5, AI score: 8.3, EPSS: 0.59682
Exploits: 2, References: 6, Affected Software: 1
Cvelist
added 2014/07/27 6:0 p.m., 28 views

CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

AI score: 7.7, EPSS: 0.59682
Exploits: 2, References: 6
CVE
added 2014/07/27 6:0 p.m., 138 views

CVE-2014-4725

CVE-2014-4725 affects the WordPress plugin MailPoet Newsletters (wysija-newsletters) prior to version 2.6.7. The root cause is a lack of access control that permits unauthenticated remote file uploads via wp-admin/admin-post.php, allowing an attacker to upload a crafted theme to wp-content/upload...

CVSS: 7.5, AI score: 7.9, EPSS: 0.59682
Exploits: 2, References: 6, Affected Software: 1
seebug.org
added 2014/07/25 12:0 a.m., 31 views

Omeka 2.2.1 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

AI score: 7.1
Exploits: 0
Packet Storm
added 2014/07/24 12:0 a.m., 34 views

Omeka 2.2.1 Remote Code Execution

!/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly...

AI score: 0.2
Exploits: 0
exploitpack
added 2014/07/24 12:0 a.m., 31 views

Omeka 2.2.1 - Remote Code Execution

Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

AI score: 0.2
Exploits: 0