WordPress HTML5 AV Manager Plugin 'custom.php' Arbitrary File Upload Vulnerability

WordPress HTML5 AV Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress Asset Manager Plugin 0.2 'upload.php' Arbitrary File Upload Vulnerability - Active Check

WordPress Asset Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress Asset Manager Plugin 0.2 - Arbitrary File Upload

WordPress Asset Manager plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. Solution Update the plugin...

WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/53894/info Picturesurf Gallery plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary...

WordPress Plugin Picturesurf Gallery - upload.php Arbitrary File Upload

WordPress Plugin Picturesurf Gallery - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53894/info Picturesurf Gallery plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize...

Log1 CMS writeInfo() PHP Code Injection

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. PoC The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

Symantec Web Gateway 5.0.2.8 relfile File Inclusion Vulnerability

This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minut...

Symantec Web Gateway 5.0.2.8 Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...

Symantec Web Gateway 5.0.2.8 Command Execution

Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal

Exploit for php platform in category web applications ================================================= Vulnerable Software: AzDGDatingMedium Version 1.9.3 Official Site: http://www.azdg.com/ ================================================= ================================================= Teste...

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal

================================================= Vulnerable Software: AzDGDatingMedium Version 1.9.3 Official Site: http://www.azdg.com/ ================================================= ================================================= Tested: php.ini MAGICQUOTESGPC OFF Safe mode off / OS:...

phpList 2.10.9 - 'Sajax.php' PHP Code Injection

source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...

Small-Cms - hostname Remote PHP Code Injection

Small-Cms - hostname Remote PHP Code Injection source: https://www.securityfocus.com/bid/53703/info Small-Cms is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may...

phpList 2.10.9 - Sajax.php PHP Code Injection

phpList 2.10.9 - Sajax.php PHP Code Injection source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may...

WeBid converter.php Remote PHP Code Injection

This module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution. This module requires Metasploit:...

Ajaxmint Gallery 1.0 Local File Inclusion

========================================================= VUlnerable Software: Ajaxmint Gallery version 1.0 @Software AjaxMint Gallery @Author Rajapandian - [email protected] http://ajaxmint.com/ =========================================================...

CVE-2012-2902

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor JCE component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as...

Unrestricted file upload

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor JCE component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as...