7219 matches found
PHP Support Tickets 'page' Parameter Remote PHP Code Execution Vulnerability - Active Check
PHP Support Tickets is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...
CVE-2009-5095
PHP remote file inclusion vulnerability in indexinc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the incordner parameter...
JagoanStore CMS Arbitary file upload vulnerability
Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...
Jcow Social Networking Script 4.2 <= 5.2 Arbitrary Code Execution
Exploit for php platform in category web applications Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3 'JCow CMS Remote...
PT-2011-02: PHP code Injection in Kayako Support Suite
Positive Research Center has discovered PHP code injection vulnerability in Kayako Support Suite. Application insufficiently verifies incoming data received via template editing form. An attacker with administration privileges can inject arbitrary PHP code via template editing feature with an...
JagoanStore CMS Shell Upload
=================================================================== JagoanStore CMS Arbitary file upload vulnerability =================================================================== Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitary file upload...
JagoanStore CMS Arbitary file upload vulnerability
Exploit for php platform in category web applications =================================================================== JagoanStore CMS Arbitary file upload vulnerability =================================================================== Software: JagoanStore CMS Vendor: www.jagoanstore.com...
DVBBS 2.0 index_0_0.php 任意php代码执行漏洞
No description provided by source...
WordPress TimThumb 1.32 Code Execution
Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...
VulnCheck KEV: CVE-2009-1151
Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
Chyrp 2.x swfupload Extension - upload_handler.php Arbitrary File Upload Arbitrary PHP Code Execution
Chyrp 2.x swfupload Extension - uploadhandler.php Arbitrary File Upload Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/48672/info Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, an...
Chyrp 2.x swfupload Extension - 'upload_handler.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/48672/info Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary...
Code injection
uploadhandler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a writepost action to the...
Ecmall全版本本地文件包含漏洞
简要描述: Ecmall的默认处理中犯了一个严重的错误,绕开了系统中的保护逻辑从而导致可以包含任意文件以php代码执行 详细说明: eccore/ecmall.php内 if !getmagicquotesgpc $GET = addslashesdeep$GET; $POST = addslashesdeep$POST; $COOKIE= addslashesdeep$COOKIE; / 请求转发 / $defaultapp = $config'defaultapp' ? $config'defaultapp' : 'default'; $defaultact =...
CVE-2011-2507
libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...
Openslaed 1.2 Remote Shell Upload
?php / Vendor: www.slaed.net Download : http://www.slaed.net/uploads/files/public/openslaed.zip exploited by ..: eidelweiss Affected: Version 1.2 Other or lowers version may also be affected Greetz: yogyacarderlink Team, devilzc0de Team, Nofia Fitri unyu², whitehat, petimati, psycothicgirl, viska...
Open Slaed CMS v1.2 Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications ?php / Vendor: www.slaed.net Download : http://www.slaed.net/uploads/files/public/openslaed.zip exploited by ..: eidelweiss Affected: Version 1.2 Other or lowers version may also be affected Greetz: yogyacarderlink Team, devilzc0de Team, Nofia...
WeBid 1.0.2 - converter.php Remote Code Execution
WeBid 1.0.2 - converter.php Remote Code Execution checkmysql$res, $query, LINE, FILE; 157. $itemtitle = mysqlresult$res, 0, 'title'; Input passed through $REQUEST'auctionid' isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with...
WeBid 1.0.2 Remote Code Execution
checkmysql$res, $query, LINE, FILE; 157. $itemtitle = mysqlresult$res, 0, 'title'; Input passed through $REQUEST'auctionid' isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with magicquotesgpc = off in logout.php: 21. if...
WeBid 1.0.2 - 'converter.php' Remote Code Execution
checkmysql$res, $query, LINE, FILE; 157. $itemtitle = mysqlresult$res, 0, 'title'; Input passed through $REQUEST'auctionid' isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with magicquotesgpc = off in logout.php: 21. if...