7219 matches found
CVE-2014-2846
WD Arkeia Virtual Appliance AVA firmware
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
Document Title: =============== AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1258 Release Date: ============= 2014-04-22 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2014-0342
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 .php or 2 .php extension, and then accessing it via unspecified vectors...
Unrestricted file upload
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 .php or 2 .php extension, and then accessing it via unspecified vectors...
CVE-2014-0342
PivotX is affected by CVE-2014-0342 due to unrestricted file upload in fileupload.php. The issue occurs in PivotX before 2.3.9, where a file with a .php or .php# extension can be uploaded and then accessed via unspecified vectors, enabling remote execution of PHP code by an authenticated user. Th...
pivotx -- Multiple unrestricted file upload vulnerabilities
Pivotx reports: Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 .php or 2 .php extension, and then accessing it via unspecified vectors...
Ecmall a built Station template, search box SQL injection-vulnerability warning-the black bar safety net
http://www.tuutao.com/index.php soil Amoy network With the Ecmall of the establishment of the station template, this template should be all pass to kill. There is a search box injection, the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=4 5&keyword=aaa&minprice=1 0...
DEBIAN-CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
Design/Logic Flaw
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
Design/Logic Flaw
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered ...
Design/Logic Flaw
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
Horde Framework - Unserialize PHP Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde...
CVE-2011-5273
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...
CVE-2011-5273
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...
Directory traversal
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...