7219 matches found
WordPress Plugin Rich Widget - Arbitrary File Upload
source: https://www.securityfocus.com/bid/55174/info The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access...
WordPress Plugin Rich Widget - Arbitrary File Upload
WordPress Plugin Rich Widget - Arbitrary File Upload source: https://www.securityfocus.com/bid/55174/info The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web...
Tiki Wiki CMS Groupware jhot.php RCE Vulnerability
Tiki Wiki CMS Groupware is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...
CVE-2012-4343
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...
Code injection
The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors...
PBBoard - 'admin.php?xml_name' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/54916/info PBBoard is prone to multiple security vulnerabilities including: 1. Multiple SQL-injection vulnerabilities 2. A security-bypass vulnerability 3. An arbitrary file upload vulnerability Exploiting these issues could allow an attacker to carry out...
CVE-2012-3448
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...
CVE-2012-3448
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...
Design/Logic Flaw
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...
CVE-2012-3448
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...
CVE-2012-3448
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...
CVE-2012-3448
CVE-2012-3448 is a remote PHP code execution vulnerability in Ganglia Web prior to 3.5.1. The issue arises from insufficient input sanitization in the Ganglia Web interface, enabling an attacker to execute arbitrary PHP code on the web server. Public sources in the connected set confirm the affec...
ecshop remote code execution vulnerability-vulnerability warning-the black bar safety net
Php code injection Target:http://www. cunlide. com/may is the author of the website ecshop version ominous seems 0 9 awvs sweep of the presence ofsql injection, php code injection, etc. a variety of vulnerabilities. Start test a variety of exp to no avail Php code injection requires a post to...
Am4ss 1.2 PHP Code Injection
10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/ +---------------------------------------+ | Am4SS , PHP Code Injecti...
am4ss Support System 1.2 - PHP Code Injection
am4ss Support System 1.2 - PHP Code Injection 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...
am4ss Support System 1.2 PHP Code Injection Exploit
Exploit for php platform in category web applications 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...
pBot - Remote Code Execution
!/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions Tested on: Linux 3.2 use...
pBot Remote Code Execution
!/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions Tested on: Linux 3.2 use...
SugarCRM CE <= 6.3.1 "unserialize()" PHP代码执行漏洞
CVECAN ID: CVE-2012-0694 SugarCRM是开源的客户关系管理系统。 SugarCRM 6.4.0在"unserialize"的实现上存在安全漏洞,通过"SugarTheme"类的"destruct"方法的$REQUEST'currentquerybypage'输入变量传递临时序列化对象可导致执行任意PHP代码。 0 SugarCRM Community Edition = 6.3.1 厂商补丁: SugarCRM -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sugarcrm.net/home/ ?p...