
7219 matches found

Tenable Nessus
added 2013/05/03 12:00 a.m. | 75 views

WP Super Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

The WP Super Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...

8.8 CVSS | 8.8 AI score | 0.12985 EPSS
Exploits: 2 | References: 5

Patchstack
added 2013/05/01 12:00 a.m. | 11 views

WordPress W3 Total Cache plugin <= 0.9.2.8 - PHP Code Execution vulnerability

W3 Total Cache plugin is prone to a PHP code execution vulnerability because of the handling of certain macros such as "mfunc" that allows arbitrary PHP code injection. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 0.9.2.9...

4.6 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Exploit DB
added 2013/05/01 12:00 a.m. | 48 views

WordPress Plugin W3 Total Cache - PHP Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...

7.4 AI score
Exploits: 0

0day.today
added 2013/04/30 12:00 a.m. | 19 views

Wordpress W3 Total Cache PHP Code Execution Vulnerability

This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...

8.1 AI score
Exploits: 0

Packet Storm
added 2013/04/29 12:00 a.m. | 27 views

Wordpress W3 Total Cache PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...

7.4 AI score
Exploits: 0

Fedora
added 2013/04/23 3:46 a.m. | 11 views

[SECURITY] Fedora 19 Update: php-twig-Twig-1.12.3-1.fc19

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

3 AI score
Exploits: 0

exploitpack
added 2013/04/23 12:00 a.m. | 23 views

SMF - index.php HTML Injection Multiple PHP Code Injection Vulnerabilities

SMF - index.php HTML Injection Multiple PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/59409/info SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on ...

0.5 AI score
Exploits: 0

seebug.org
added 2013/04/23 12:00 a.m. | 64 views

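IIS 7.5 Parsing Error Command Execution Vulnerability

IIS is the basic Internet service provided by Microsoft that runs on Microsoft Windows. In versions 7.0 and 7.5, when a URI of the form xxx.jpg/xxx.php is requested, IIS handles it inconsistently with the back-end FastCGI processing. As a result, an attacker can embed PHP code in an image and then request the image in the form xxx.jpg/xxx.php; IIS then executes the PHP code in the image, leading to a command execution vulnerability. IIS 7.0, 7.5...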

7.1 AI score
Exploits: 0

Exploit DB
added 2013/04/23 12:00 a.m. | 28 views

SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/59409/info SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and...

7.4 AI score
Exploits: 0

Prion
added 2013/04/18 6:55 p.m. | 18 views

Code injection

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...

6.8 CVSS | 8 AI score | 0.0126 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2013/04/18 6:00 p.m. | 59 views

CVE-2013-0132

The CVE-2013-0132 entry documents a vulnerability in Parallels Plesk Panel 11.0.9 where the suexec implementation uses a cgi-wrapper whitelist entry that, because suexec does not sanitize environment variables, allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted req...

6.8 CVSS | 7.8 AI score | 0.0126 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2013/04/17 12:00 a.m. | 80 views

Sosci Survey 2.x Bypass / XSS / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage: https://www.soscisurvey.de...

0.1 AI score
Exploits: 0

exploitpack
added 2013/04/17 12:00 a.m. | 38 views

Sosci Survey - Multiple Vulnerabilities

Sosci Survey - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP...

0.2 AI score
Exploits: 0

Exploit DB
added 2013/04/17 12:00 a.m. | 21 views

Sosci Survey - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP code-execution vulnerability Successful...

7.4 AI score
Exploits: 0

Packet Storm
added 2013/04/15 12:00 a.m. | 40 views

CMSLogik 1.2.1 Shell Upload

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

7.4 AI score
Exploits: 0

0day.today
added 2013/04/15 12:00 a.m. | 27 views

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...

7.9 AI score
Exploits: 0

exploitpack
added 2013/04/15 12:00 a.m. | 18 views

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik 1.2.1 - Multiple Vulnerabilities !/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter,...

0.4 AI score
Exploits: 0

Exploit DB
added 2013/04/15 12:00 a.m. | 26 views

CMSLogik 1.2.1 - Multiple Vulnerabilities

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

7.4 AI score
Exploits: 0

OpenVAS
added 2013/04/09 12:00 a.m. | 32 views

EasyPHP Webserver Multiple Vulnerabilities

This host is running EasyPHP Webserver and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbeasyphpwebservermultvuln.nasl 6115 2017-05-12 09:03:25Z teissa $ EasyPHP Webserver Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright C 2013 Greenbone Networks GmbH,...

0.2 AI score
Exploits: 0 | References: 1

Exploit DB
added 2013/04/09 12:00 a.m. | 28 views

EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection

source: https://www.securityfocus.com/bid/58945/info EasyPHP is prone to an authentication bypass and a PHP code execution vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected application and perform arbitrary actions or execute arbitrary PHP code within t...

7.4 AI score
Exploits: 0