
7219 matches found

Exploit DB
added 2013/10/02 12:0 a.m. | 78 views

GLPI 0.84.1 - Multiple Vulnerabilities

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

6.8 CVSS | 6.4 AI score | 0.07855 EPSS
Exploits: 11
NVD
added 2013/09/30 10:55 p.m. | 18 views

CVE-2013-5961

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...

6.8 CVSS | 7.7 AI score | 0.05453 EPSS
Exploits: 1 | References: 4
Cvelist
added 2013/09/30 4:0 p.m. | 23 views

CVE-2013-5961

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...

7.7 AI score | 0.05453 EPSS
Exploits: 1 | References: 4
rdot
added 2013/09/29 12:0 a.m. | 496 views

MySQL: Bypassing character filtering in column names

Note: A variant that got lost, and that nobody reminded me of: https://rdot.org/forum/showpost.php?...2&postcount=10 The material below may still be useful when studying specific SQL queries in MySQL and with certain types of WAF. ------------ Recently, while studying a vulnerability, there arose...

7.2 AI score
Exploits: 0
htbridge
added 2013/09/25 12:0 a.m. | 41 views

Remote Code Execution in Microweber

High-Tech Bridge Security Research Lab discovered a vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise the vulnerable system as a consequence. 1) Improper Access Control in Microweber: CVE-2013-5984 The vulnerability exists due to improper access restriction to...

10 CVSS | 7.3 AI score | 0.02823 EPSS
Exploits: 2 | Affected Software: 1
Prion
added 2013/09/23 3:49 a.m. | 22 views

Cross site request forgery (csrf)

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape4 action or (2) execute arbitrary PHP...

6.8 CVSS | 8.8 AI score | 0.07855 EPSS
Exploits: 11 | References: 5 | Affected Software: 1
CVE
added 2013/09/23 1:0 a.m. | 136 views

CVE-2013-5696

GLPI before 0.84.2 is affected by CVE-2013-5696 due to inc/central.class.php not disabling install.php after installation, enabling CSRF and, via Etape_4 and update_1 actions, potential SQL injection and arbitrary PHP code execution. The CVE is documented with root cause as improper access contro...

6.8 CVSS | 8.1 AI score | 0.07855 EPSS
Exploits: 11 | References: 5 | Affected Software: 1
ALT Linux
added 2013/09/20 12:0 a.m. | 22 views

Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1

Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...

6.8 CVSS | 7.8 AI score | 0.07855 EPSS
Exploits: 11
ALT Linux
added 2013/09/20 12:0 a.m. | 25 views

Security fix for the ALT Linux 10 package glpi version 0.84.2-alt1

Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...

6.8 CVSS | 7.8 AI score | 0.07855 EPSS
Exploits: 11
OpenVAS
added 2013/09/19 12:0 a.m. | 18 views

WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

7.2 AI score
Exploits: 0 | References: 2
Metasploit
added 2013/09/17 5:32 a.m. | 13 views

Astium Remote Code Execution

This module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to...

0.8 AI score
Exploits: 0
htbridge
added 2013/09/11 12:0 a.m. | 387 views

Remote Code Execution in GLPI

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GLPI, which can be exploited to bypass security restrictions and execute arbitrary PHP code with the privileges of the web server. 1) Improper Access Control in GLPI The vulnerability exists due to insufficient access restrictio...

10 CVSS | 1.9 AI score | 0.07855 EPSS
Exploits: 11 | Affected Software: 1
OpenVAS
added 2013/08/29 12:0 a.m. | 701 views

SPIP 'connect' Parameter PHP Code Injection Vulnerability (Aug 2013) - Active Check

SPIP is prone to a remote PHP code injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip"; if...

7.5 CVSS | 7.3 AI score | 0.25287 EPSS
Exploits: 5 | References: 2
htbridge
added 2013/08/28 12:0 a.m. | 43 views

Multiple Vulnerabilities in Gnew

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Gnew, which can be exploited to execute arbitrary PHP code and perform SQL injection attacks against the vulnerable application. 1) PHP File Inclusion in Gnew: CVE-2013-5639 The vulnerability exists due to insufficient validation...

7.6 CVSS | 0.8 AI score | 0.07091 EPSS
Exploits: 7 | Affected Software: 1
exploitpack
added 2013/08/26 12:0 a.m. | 23 views

mooSocial 1.3 - Multiple Vulnerabilities

mooSocial 1.3 - Multiple Vulnerabilities Exploit Title: mooSocial 1.3 - Multiple Vulnerabilites Official site: http://www.moosocial.com Risk Level: High Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 22/08/2013 +----------+ | OVERVIEW | +----------+ mooSocial is a social...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2013/08/15 12:0 a.m. | 77 views

OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

9.8 CVSS | 8.8 AI score | 0.75933 EPSS
Exploits: 5 | References: 2
OpenVAS
added 2013/08/13 12:0 a.m. | 336 views

OpenNetAdmin 'ona.log' File Remote PHP Code Execution Vulnerability

OpenNetAdmin is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.4 AI score
Exploits: 0 | References: 1
CISA
added 2013/08/08 12:0 a.m. | 15 views

OpenX Releases Security Update

OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...

7.3 AI score
Exploits: 0 | References: 3
Prion
added 2013/07/29 11:27 p.m. | 12 views

Unrestricted file upload

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/...

6.8 CVSS | 8.1 AI score | 0.05453 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
exploitpack
added 2013/07/07 12:0 a.m. | 90 views

OpenNetAdmin 13.03.01 - Remote Code Execution

OpenNetAdmin 13.03.01 - Remote Code Execution Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No C...

Exploits: 0