7220 matches found

Prion
added 2014/06/02 3:55 p.m., 24 views

Code injection

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier...

CVSS 7.5, AI score 8, EPSS 0.40465
Exploits 9, References 8, Affected Software 1
Prion
added 2014/06/02 3:55 p.m., 13 views

Design/Logic Flaw

The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...

CVSS 7.5, AI score 7.5, EPSS 0.01619
Exploits 0, References 4, Affected Software 1
Prion
added 2014/06/02 3:55 p.m., 14 views

Design/Logic Flaw

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

CVSS 7.5, AI score 7.6, EPSS 0.01619
Exploits 0, References 4, Affected Software 1
CVE
added 2014/06/02 3:00 p.m., 69 views

CVE-2013-1397

CVE-2013-1397 affects Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x, where a remote attacker can execute arbitrary PHP code by sending a serialized PHP object to the Yaml::parse or Yaml\Parser::parse function. Root cause: insecure handling in YAML parsing leading to code execution. I...

CVSS 7.5, AI score 7.4, EPSS 0.01619
Exploits 0, References 4, Affected Software 1
CVE
added 2014/06/02 3:00 p.m., 156 views

CVE-2013-1412

CVE-2013-1412 affects DataLife Engine 9.7. The vulnerability is a remote PHP code injection in engine/preview.php via the catlist[] parameter, exploited through an insecure preg_replace with the deprecated /e modifier. Public references document remote code execution capabilities and multiple expl...

CVSS 7.5, AI score 7.5, EPSS 0.40465
Exploits 9, References 8, Affected Software 1
seebug.org
added 2014/05/30 12:00 a.m., 260 views

Discuz UC_Server local file inclusion vulnerability (with preconditions)

Brief description: I submitted this vulnerability with some trepidation; I still believe wooyun is a good platform. I am staking my integrity as a white hat on this, please don't let it be shattered again. Detailed description: Condition one: UC administrator privileges are required. Condition two: the front end allows uploading a controllable file containing PHP code. The vulnerable function is onping in the file uc_server\control\admin\app.php: function onping() { $ip = getgpc('ip'); $url = getgpc('url'); $appid = intval(getgpc('appid')); $app = $_ENV['app']->get_app_by_appid($appid); $status = ''; ...

AI score 7.1
Exploits 0
OpenVAS
added 2014/05/26 12:00 a.m., 10 views

Clipperz Password Manager RCE Vulnerability (May 2014) - Active Check

Clipperz Password Manager is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.7
Exploits 0, References 2
Packet Storm
added 2014/05/22 12:00 a.m., 37 views

Dotclear 2.6.2 Arbitrary File Upload

------------------------------------------------------------------------ Dotclear <= 2.6.2 Media Manager Unrestricted File Upload Vulnerability ------------------------------------------------------------------------ - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...

CVSS 6, AI score 6.6, EPSS 0.01206
Exploits 2
0day.today
added 2014/05/21 12:00 a.m., 32 views

Clipperz Password Manager Code Execution Vulnerability

Clipperz Password Manager suffers from a remote code execution vulnerability. Exploit Title : Clipperz Password Manager remote code execution vulnerability Author : Manish Kishan Tanwar Vendor : https://clipperz.is/opensource/clipperzpasswordmanager/ Download Link :...

AI score 7.9
Exploits 0
NVD
added 2014/05/20 2:55 p.m., 21 views

CVE-2013-4250

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...

CVSS 6.5, AI score 7.1, EPSS 0.01151
Exploits 0, References 1
UbuntuCve
added 2014/05/20 2:55 p.m., 21 views

CVE-2013-4250

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...

CVSS 6.5, AI score 6, EPSS 0.01151
Exploits 0, References 1
Prion
added 2014/05/20 2:55 p.m., 15 views

Design/Logic Flaw

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...

CVSS 6.5, AI score 7.5, EPSS 0.01151
Exploits 0, References 1, Affected Software 1
Cvelist
added 2014/05/20 2:00 p.m., 21 views

CVE-2013-4250

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file...

AI score 7.1, EPSS 0.01151
Exploits 0, References 1
NVD
added 2014/05/17 7:55 p.m., 17 views

CVE-2014-3453

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...

CVSS 6.5, AI score 7.3, EPSS 0.02119
Exploits 1, References 4
Prion
added 2014/05/17 7:55 p.m., 16 views

Design/Logic Flaw

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...

CVSS 6.5, AI score 7.8, EPSS 0.02119
Exploits 1, References 4, Affected Software 1
NVD
added 2014/05/16 3:55 p.m., 19 views

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...

CVSS 7.5, AI score 7.5, EPSS 0.02285
Exploits 1, References 2
UbuntuCve
added 2014/05/16 3:55 p.m., 37 views

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...

CVSS 7.5, AI score 6.2, EPSS 0.02285
Exploits 1, References 3
Prion
added 2014/05/16 3:55 p.m., 17 views

Default credentials

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...

CVSS 7.5, AI score 8.1, EPSS 0.02285
Exploits 1, References 2, Affected Software 1
Cvelist
added 2014/05/16 3:00 p.m., 23 views

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...

AI score 7.5, EPSS 0.02285
Exploits 1, References 2
Prion
added 2014/05/06 2:55 p.m., 11 views

Design/Logic Flaw

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a ' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function...

CVSS 6.5, AI score 8.1, EPSS 0.01746
Exploits 1, References 4, Affected Software 1