
7219 matches found

Tenable Nessus
added 2013/06/07 12:00 a.m., 1934 views

Plesk Panel Apache Arbitrary PHP Code Injection

The remote host contains an Apache web server installation that is included with Parallels Plesk Panel and that is affected by a remote PHP code injection vulnerability. Due to an Apache configuration issue, a remote, unauthenticated attacker can exploit this issue by crafting a request allowing...

9.8 CVSS, 9.2 AI score, 0.99998 EPSS
Exploits: 41, References: 4
Check Point Advisories
added 2013/06/06 12:00 a.m., 5 views

DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)

A PHP code injection vulnerability has been reported in DataLife Engine 9.7...

7.1 AI score, 0.40465 EPSS
Exploits: 9
Check Point Advisories
added 2013/06/06 12:00 a.m., 7 views

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

9 CVSS, 7.4 AI score, 0.66592 EPSS
Exploits: 12
seebug.org
added 2013/06/06 12:00 a.m., 12 views

Parallels Plesk Remote Exploit (PHP Code Execution and therefore Command Execution)

No description provided by source. Parallels Plesk Remote Exploit -- PHP Code Execution and therefore Command Execution Affected and tested: Plesk 9.5.4 Plesk 9.3 Plesk 9.2 Plesk 9.0 Plesk 8.6 Discovered & Exploited by Kingcope / June 2013 Affected and tested OS: RedHat, CentOS, Fedora Affected a...

7.1 AI score
Exploits: 0
0day.today
added 2013/06/05 12:00 a.m., 31 views

CMS Gratis Indonesia PHP Code Injection Vulnerability

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability. Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link :...

7.6 AI score
Exploits: 0
exploitpack
added 2013/06/05 12:00 a.m., 21 views

Cuppa CMS - alertConfigField.php Local/Remote File Inclusion

Cuppa CMS - alertConfigField.php Local/Remote File Inclusion Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...

7.4 AI score
Exploits: 0
0day.today
added 2013/06/05 12:00 a.m., 1101 views

Cuppa CMS Remote / Local File Inclusion Vulnerability

Cuppa CMS suffers from remote and local file inclusion vulnerabilities. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link :...

6.9 AI score
Exploits: 0
Exploit DB
added 2013/06/05 12:00 a.m., 79 views

Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion

Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...

7.4 AI score
Exploits: 0
Packet Storm
added 2013/06/04 12:00 a.m., 29 views

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

0.6 AI score
Exploits: 0
Packet Storm
added 2013/06/04 12:00 a.m., 67 views

Cuppa CMS Remote / Local File Inclusion

Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...

7.4 AI score
Exploits: 0
exploitpack
added 2013/06/04 12:00 a.m., 20 views

CMS Gratis Indonesia - config.php PHP Code Injection

CMS Gratis Indonesia - config.php PHP Code Injection source: https://www.securityfocus.com/bid/60337/info CMS Gratis Indonesia is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected...

0.6 AI score
Exploits: 0
0day.today
added 2013/06/03 12:00 a.m., 38 views

PhpTax 0.8 Code Execution Vulnerability

PhpTax version 0.8 suffers from a file manipulation remote code execution vulnerability. CWH Underground Hacking Team ...

8 AI score
Exploits: 0
Exploit DB
added 2013/05/31 12:00 a.m., 21 views

PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution

CWH Underground Hacking Team ... Exploit Title : PhpTax File Manipulation (newvalue,field) Remote Code...

7 AI score
Exploits: 0
seebug.org
added 2013/05/30 12:00 a.m., 29 views

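Ecshop admin backend getshell-2

Brief description: Not template-based, not SQL! Details: The admin backend allows language entries to be edited, and some of the language entries are enclosed in double quotes, so PHP code can be executed directly using a format like $phpinfo, getshell! (phpinfo is used here for ease of demonstration; in practice it could be replaced with a one-line webshell.) The language file uses double quotes. The backend can edit the language file and insert specially formatted PHP code. The text edited here is the "gzip disabled" string, so almost every page contains the PHP code, including the home page. Proof of vulnerability:...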

7.1 AI score
Exploits: 0
Prion
added 2013/05/23 3:55 p.m., 16 views

Session fixation

functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the preg_replace function with the eval switch...

6.5 CVSS, 7.7 AI score, 0.16701 EPSS
Exploits: 2, References: 6, Affected Software: 1
0day.today
added 2013/05/18 12:00 a.m., 31 views

ZPanel Crafted Template Remote Command Execution Vulnerability

Exploit for php platform in category web applications. There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater"...

7.1 AI score
Exploits: 0
OwnCloud
added 2013/05/14 6:12 p.m., 58 views

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

4.6 CVSS, 6.9 AI score, 0.01262 EPSS
Exploits: 0, Affected Software: 1
OwnCloud
added 2013/05/14 11:42 a.m., 51 views

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

4.6 CVSS, 6.8 AI score, 0.01262 EPSS
Exploits: 0, Affected Software: 1
htbridge
added 2013/05/08 12:00 a.m., 49 views

Multiple Vulnerabilities in OpenX

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system. 1) Local File Inclusion in OpenX: CVE-2013-3514 Input passed via "group" HTTP GET...

7.6 CVSS, 0.6 AI score, 0.04226 EPSS
Exploits: 6, Affected Software: 1
securityvulns
added 2013/05/06 12:00 a.m., 214 views

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey

SEC Consult Vulnerability Lab Security Advisory 20130417-0. title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage:...

0.2 AI score
Exploits: 0