
7219 matches found

myhack58
added 2012/12/03 12:0 a.m., 17 views

Finecms1. 7 3 The code of audit summary of the defect packaged and fixed-vulnerability warning-the black bar safety net

FineCMS is a content management system developed with PHP and MySQL. It uses the MVC design pattern to separate business logic from the presentation layer, so that web designers can easily design the ideal template, plug-in development features...

8.4 AI score
Exploits: 0
Prion
added 2012/11/30 10:55 p.m., 6 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the...

5.1 CVSS, 8.1 AI score, 0.01448 EPSS
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2012/11/30 10:0 p.m., 22 views

CVE-2012-4472

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the...

7.7 AI score, 0.01448 EPSS
Exploits: 1, References: 5
CVE
added 2012/11/30 10:0 p.m., 40 views

CVE-2012-4472

The CVE-2012-4472 issue affects the Drupal Drag & Drop Gallery module (6.x-1.5 and earlier). The vulnerability resides in upload.php, where unrestricted file uploads allow an attacker to upload a PHP-executable file (with an executable extension followed by a safe extension) and then access it vi...

5.1 CVSS, 7.9 AI score, 0.01448 EPSS
Exploits: 1, References: 5, Affected Software: 1
Packet Storm
added 2012/11/29 12:0 a.m., 21 views

Network Shutdown Module 3.21 Remote PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

0.1 AI score
Exploits: 0
0day.today
added 2012/11/29 12:0 a.m., 18 views

Network Shutdown Module 3.21 Remote PHP Code Injection

This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside an eval call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable...

6.8 AI score
Exploits: 0
Metasploit
added 2012/11/28 9:56 p.m., 26 views

Network Shutdown Module sort_values Credential Dumper

This module will extract user credentials from Network Shutdown Module versions 3.21 and earlier by exploiting a vulnerability found in lib/dbtools.inc, which uses unsanitized user input inside an eval call. Please note that in order to extract credentials, the vulnerable service must have at leas...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2012/11/28 12:0 a.m., 13 views

Piwik core/Loader.php Trojaned Distribution

The version of Piwik installed on the remote web server contains a trojaned backdoor, and allows the execution of arbitrary PHP code subject to the privileges under which the web server operates. It is likely to have been installed from a copy of the file 'latest.zip' downloaded from the project'...

6.5 AI score
Exploits: 0, References: 2
NVD
added 2012/11/27 4:49 a.m., 10 views

CVE-2012-6046

Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter...

10 CVSS, 7.2 AI score, 0.04131 EPSS
Exploits: 1, References: 3
Prion
added 2012/11/27 4:49 a.m., 12 views

Code injection

Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter...

10 CVSS, 7.8 AI score, 0.04131 EPSS
Exploits: 1, References: 3
Exploit DB
added 2012/11/26 12:0 a.m., 18 views

BuyClassifiedScript - PHP Code Injection

Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me ---------------------------------------------------------------------------------- This vulnerability allow...

7.4 AI score
Exploits: 0
NVD
added 2012/11/16 12:55 a.m., 14 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

6.8 CVSS, 7.7 AI score, 0.02211 EPSS
Exploits: 3, References: 5
Prion
added 2012/11/16 12:55 a.m., 25 views

Sql injection

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

6.8 CVSS, 8.2 AI score, 0.02211 EPSS
Exploits: 3, References: 5, Affected Software: 1
Cvelist
added 2012/11/16 12:0 a.m., 17 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

7.7 AI score, 0.02211 EPSS
Exploits: 3, References: 5
Packet Storm
added 2012/11/13 12:0 a.m., 61 views

Invision IP.Board 3.3.4 unserialize() PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

10 CVSS, 0.7 AI score, 0.24905 EPSS
Exploits: 15
Exploit DB
added 2012/11/13 12:0 a.m., 51 views

Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Invision IP.Board %q This module...

10 CVSS, 6.6 AI score, 0.24905 EPSS
Exploits: 15
UbuntuCve
added 2012/11/11 1:0 p.m., 26 views

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

6.8 CVSS, 6.1 AI score, 0.02086 EPSS
Exploits: 0, References: 3
Cvelist
added 2012/11/11 11:0 a.m., 25 views

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

7.2 AI score, 0.02086 EPSS
Exploits: 0, References: 5
Metasploit
added 2012/11/10 10:35 a.m., 23 views

Invision IP.Board unserialize() PHP Code Execution

This module exploits a php unserialize vulnerability in Invision IP.Board 'Invision IP.Board unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Invision IP.Board = 3.3.4 which could be abused to allow unauthenticated users to execute...

10 CVSS, 8 AI score, 0.24905 EPSS
Exploits: 15
Packet Storm
added 2012/11/08 12:0 a.m., 56 views

Invision Power Board 3.3.4 Unserialize REGEX Bypass

?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...

10 CVSS, 0.6 AI score, 0.24905 EPSS
Exploits: 15