7219 matches found
MiniCMS 1.02.0 - PHP Code Injection
MiniCMS 1.02.0 - PHP Code Injection Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx...
MiniCMS 1.0/2.0 - PHP Code Injection
Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...
[PT-2011-02] PHP code Injection in Kayako Support Suite
----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
?php / --------------------------------------------------------------------- appRain CMF = 0.1.5 uploadify.php Unrestricted File Upload Exploit --------------------------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotco...
Multiple vulnerabilities in ZENphoto
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, sql injection and cross site scripting attacks. 1 Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993 Input passed via...
Kayako Support Suite 3.70.02 PHP Code Execution
----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...
ImpressPages CMS 1.0.12 Code Execution
======= Summary ======= Name: Remote code execution in ImpressPages CMS Release Date: 5 January 2012 Reference: NGS00109 Discoverer: David Middlehurst Vendor: ImpressPages Vendor Reference: Systems Affected: ImpressPages CMS 1.0.12 Risk: High Status: Published ======== TimeLine ======== Discovere...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. Impact Remote attackers might be able to insert and...
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
------------------------------------------------------------------------- Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection ------------------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............:...
JVN#40498018: WordPress vulnerable to arbitrary PHP code execution
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...
Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection
Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarf_ajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for...
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Injection
Exploit for php platform in category web applications ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarf_ajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange...
Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarf_ajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
Code injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
Traq admincp/common.php Remote Code Execution
This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admincp/ directory to make sure the user has admin rights. This is a broken authorization schema because the header...
Docebo Lms 4.0.4 - Messages Remote Code Execution
Docebo Lms 4.0.4 - Messages Remote Code Execution if$GLOBALS'modname' != '' $modulecfg =& createModule...
Traq 2.3 - Authentication Bypass / Remote Code Execution
group'isadmin' 32. header"Location: login.php"; 33. This function is called in each script located in the /admincp/ directory to make sure the user has admin rights, but this is a broken authorization schema because the header function doesn't stop the execution flow. This can be exploited by malicio...
WikkaWiki Multiple Security Vulnerabilities
WikkaWiki is prone to multiple security vulnerabilities, including: - An SQL injection vulnerability. - An arbitrary file upload vulnerability. - An arbitrary file deletion vulnerability. - An arbitrary file download vulnerability. - A PHP code injection vulnerability. SPDX-FileCopyrightText: 201...
WikkaWiki Multiple Security Vulnerabilities
WikkaWiki is prone to multiple security vulnerabilities, including: 1. An SQL injection vulnerability. 2. An arbitrary file upload vulnerability. 3. An arbitrary file deletion vulnerability. 4. An arbitrary file download vulnerability. 5. A PHP code injection vulnerability. Attackers can exploit...