DataLife Engine 9.7 - preview.php PHP Code Injection

DataLife Engine 9.7 - preview.php PHP Code Injection ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affect...

DataLife Engine 9.7 - 'preview.php' PHP Code Injection

------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affected Version: 9.7 only. - Vulnerability Description: Th...

Drupal Video Module 任意PHP代码执行漏洞

BUGTRAQ ID: 57525 Drupal是一款开源的内容管理平台。 Drupal Video 7.x-2.x模块存在任意PHP代码执行漏洞，攻击者可利用此漏洞在Web服务器上下文中执行任意PHP代码。 0 Drupal Video module 厂商补丁： Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://drupal.org/project/video...

Floating Social Media Links Plugin for WordPress 'wpp' Parameter Remote File Inclusion

The Floating Social Media Links Plugin for WordPress installed on the remote host is affected by a remote file inclusion vulnerability due to a failure to properly sanitize user-supplied input to the 'wpp' parameter of the 'fsml-hideshow.js.php' script. This vulnerability could allow an...

CVE-2012-6509

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg...

Unrestricted file upload

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg...

SQLiteManager 1.2.4 - Remote PHP Code Injection

SQLiteManager 1.2.4 - Remote PHP Code Injection !/usr/bin/env python ''' Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit...

Server: Code execution in external storage

Due to not sufficiently sanitizing the user input in "settings/personal.php" in ownCloud 4.5.x before 4.5.6 an authenticated remote attackers may be able to execute arbitrary code by entering special crafted PHP code in the mount point settings. For more information please consult the official...

Joomla! com_collector Component Arbitrary File Upload Vulnerability (Jan 2013) - Active Check

Joomla! with comcollector component is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PHP-Charts - Arbitrary PHP Code Execution

PHP-Charts - Arbitrary PHP Code Execution =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debian squeeze...

WordPress Shopping Cart Plugin Multiple Vulnerabilities

WordPress Shopping Cart Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

TYPO3 T3 jQuery Extension任意PHP代码执行漏洞

BUGTRAQ ID: 57280 Typo3是开源内容管理系统（CMS）和内容管理框架（CMF）。 TYPO3 T3 jQuery 2.2.0及之前版本对用户控制的输入使用了 "unserialize"，可被利用执行任意PHP代码。 0 TYPO3 T3 jQuery extension = 2.2.0 厂商补丁： TYPO3 ----- TYPO3已经为此发布了一个安全公告（typo3-ext-sa-2013-001）以及相应补丁: typo3-ext-sa-2013-001：TYPO3-EXT-SA-2013-001: Several vulnerabilities in thir...

Fedora 18 : drupal6-6.27-1.fc18 / drupal7-7.18-1.fc18 (2012-20746)

Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in t...

Elastix < 2.4 PHP Code Injection Vulnerability

Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Eaton MGE Network Shutdown Module Remote PHP Code Injection

A remote code execution vulnerability has been reported in Eaton MGE Network Shutdown Module...

Fedora 16 : drupal6-6.27-1.fc16 / drupal7-7.18-1.fc16 (2012-20794)

Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...

Fedora 17 : drupal6-6.27-1.fc17 / drupal7-7.18-1.fc17 (2012-20766)

Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...

Elastix 2.3 PHP Code Injection Vulnerability

Elastix versions prior to 2.4 php code injection exploit. ? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org...

Elastix 2.3 PHP Code Injection

? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org Author : Faris AKA i-Hmx Mail : [email protected] Home :...