7219 matches found
CVE-2013-3631
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
Design/Logic Flaw
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
CVE-2013-3631
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
Joomla Joomleague component Shell Upload Vulnerability
Joomla Joomleague component suffers from a remote shell upload vulnerability due to having Open Flash Chart included. Exploit Title: joomla comjoomleague execute arbitrary PHP code Exploit Google Dork: inurl:comjoomleague Date: 01-11-2013 Exploit Author: wantexz Vendor...
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop...
Joomla Joomleague Shell Upload
Exploit Title: joomla comjoomleague execute arbitrary PHP code Exploit Google Dork: inurl:comjoomleague Date: 01-11-2013 Exploit Author: wantexz Vendor Homepage:http://www.joomleague.net/ Software Link:...
NAS4Free - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...
NAS4Free Arbitrary Remote Code Execution
NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...
vTiger CRM 5.3.0 / 5.4.0 Authenticated Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution', 'Description' = %q vTiger CRM allows an authenticated user to upload...
NAS4Free Arbitrary Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...
Log1 CMS writeInfo() PHP Code Injection (CVE-2011-4825)
A PHP code injection vulnerability has been reported in the "Ajax File and Image Manager" component in log1 CMS. A remote attacker could inject arbitrary PHP code into data.php via crafted parameters...
SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities
Context allows you to manage contextual conditions and reactions for different portions of your site This advisory covers two separate issues. Arbitrary PHP Code Execution The first, and more severe issue Highly Critical status, is that the module allows execution of PHP code via manipulation of ...
WordPress Woopra Remote Code Execution
WordPress Woopra plugin remote PHP arbitrary code execution exploit. Exploit Title: woopra plugins execute arbitrary PHP code Exploit Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/ Date: 06-10-2013 Exploit Author: wantexz Vendor...
Empire cms 7.0 background to get shell-vulnerability warning-the black bar safety net
Empire CMS7. 0 background can upload the mod suffix PHP file and execute inside php code. Into the backgroundit! Method a: system data tables with the system model-management data table and then randomly selected one data table, open the corresponding data table of the“management system model”as...
WordPress SEO Watcher Remote Code Execution Vulnerability
WordPress SEO Watcher plugin remote code execution exploit. Exploit Title: seo-watcher plugins execute arbitrary PHP code Exploit Google Dork: inurl:/wp-content/plugins/seo-watcher/ inurl:wp-content/plugins/seo-watcher/ Date: 03-10-2013 Exploit Author: wantexz Vendor Homepage:http://wordpress.org...
WordPress SEO Watcher Plugin - Arbitrary PHP Code Execution
SEO Watcher plugin's "ofcuploadimage.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution Upgrade the plugin...
WordPress Plugin SEO Watcher - ofc_upload_image.php Arbitrary PHP Code Execution
WordPress Plugin SEO Watcher - ofcuploadimage.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/62825/info The SEO Watcher plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code with...
ClipBucket Remote Code Execution Vulnerability
ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload. . \ /| | \ \ \ \ | | | | / \ / \ /\ / \ / / / / / \ /\ / \ / / / | | | Y \ / \ | | \ /\ \ \ | | /\ /\ / || || /\ \ /|| / /// \ /|| \ // / / / / / / http://thecrowscrew.org Exploit...
GLPI 0.84.1 Access Control / Code Injection
Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...
GLPI 0.84.1 - Multiple Vulnerabilities
GLPI 0.84.1 - Multiple Vulnerabilities Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12,...