
7219 matches found

Exploit DB
added 2013/04/09 12:0 a.m., 28 views

EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection

source: https://www.securityfocus.com/bid/58945/info EasyPHP is prone to an authentication bypass and a PHP code execution vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected application and perform arbitrary actions or execute arbitrary PHP code within t...

7.4 AI score
Exploits: 0
0day.today
added 2013/04/07 12:0 a.m., 53 views

EasyPHP WebServer v.(all) <= Multiple Vulnerabilities

EasyPHP suffers from: + Auth Bypass + Remote Shell Injection / Remote Code Execute. The bug in EasyPHP WebServer Manager was found because the PORTAL of Administration isn't protected! So when you find the Admin-Portal, you can bypass the auth directly and a remote attacker can get some...

7.9 AI score
Exploits: 0
exploitpack
added 2013/04/03 12:0 a.m., 22 views

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input...

0.4 AI score
Exploits: 0
Exploit DB
added 2013/04/03 12:0 a.m., 29 views

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code...

7.4 AI score
Exploits: 0
Exploit DB
added 2013/03/29 12:0 a.m., 30 views

STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote PHP Code...

7.4 AI score
Exploits: 0
Cvelist
added 2013/03/19 2:0 p.m., 26 views

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

7.2 AI score, 0.00303 EPSS
Exploits: 0, References: 3
OwnCloud
added 2013/03/14 5:42 p.m., 52 views

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. Affect...

6.5 CVSS, 6.7 AI score, 0.01193 EPSS
Exploits: 0, Affected Software: 1
OwnCloud
added 2013/03/14 10:42 a.m., 44 views

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. For mo...

6.5 CVSS, 6.7 AI score, 0.01193 EPSS
Exploits: 0, Affected Software: 1
Kitploit
added 2013/03/05 4:26 p.m., 26 views

[Weevely] PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

8.4 AI score
Exploits: 0, References: 2
htbridge
added 2013/02/21 12:0 a.m., 44 views

PHP Code Injection in FUDforum

High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...

7.1 CVSS, 7.7 AI score, 0.08829 EPSS
Exploits: 2, Affected Software: 1
OwnCloud
added 2013/02/20 5:31 p.m., 35 views

Multiple code executions - ownCloud

A code execution vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allows authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

6.5 CVSS, 7.1 AI score, 0.02584 EPSS
Exploits: 0, Affected Software: 1
OwnCloud
added 2013/02/20 10:42 a.m., 51 views

Server: Multiple code executions

A code execution vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allows authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

6.5 CVSS, 7.5 AI score, 0.02584 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2013/02/19 12:0 a.m., 46 views

Prizm Content Connect default.aspx document Parameter Remote File Inclusion

The remote web server hosts Prizm Content Connect, a fully customizable document viewer. The 'default.aspx' script included with the install fails to sanitize user input to the 'document' parameter before reading a file. A remote attacker can leverage this issue to view arbitrary files or execute...

9.8 CVSS, 8.6 AI score, 0.0465 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2013/02/19 12:0 a.m., 27 views

ImpressPages cm_group Parameter Remote PHP Code Execution

The ImpressPages install hosted on the remote web server contains a flaw that allows arbitrary PHP code execution. Input passed to the 'cmgroup' parameter is not properly sanitized before being used in a PHP eval function call. An unauthenticated, remote attacker can leverage this vulnerability t...

7.5 CVSS, 6.4 AI score, 0.03928 EPSS
Exploits: 1, References: 3
OpenVAS
added 2013/02/19 12:0 a.m., 16 views

HTTP File Server Multiple Vulnerabilities

HTTP File Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:httpfilesever:hfs";...

7.3 AI score
Exploits: 0, References: 2
0day.today
added 2013/02/16 12:0 a.m., 42 views

Ajax File Manager Remote Code Execution Exploit

Ajax File Manager is vulnerable to arbitrary PHP code injection, and there is no solution from the vendor. This is a private exploit. You can buy it at https://0day.today...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2013/02/11 12:0 a.m., 34 views

php-Charts url.php Remote PHP Code Execution

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...

6.4 AI score
Exploits: 0, References: 1
0day.today
added 2013/02/02 12:0 a.m., 24 views

ArrowChat 1.5.61 Cross Site Scripting / Local File Inclusion

ArrowChat versions 1.5.61 and below suffer from cross site scripting and local file inclusion vulnerabilities. Exploit Title: ArrowChat = 1.5.61 Multiple vulnerabilities Date: 01/01/2013 Exploit Author: Kallimero Vendor Homepage: http://www.sitexcms.org/ Version: 1.5.61, before, and maybe 1.6...

6.6 AI score
Exploits: 0
0day.today
added 2013/02/01 12:0 a.m., 73 views

DataLife Engine preview.php PHP Code Injection

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'DataLife Engine preview.php PHP Code Injection', 'Description' = %q This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure...

7.1 AI score, 0.40465 EPSS
Exploits: 9
0day.today
added 2013/01/29 12:0 a.m., 67 views

DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ -...

7.1 AI score, 0.40465 EPSS
Exploits: 9