
7219 matches found

NVD
added 2011/02/04 1:0 a.m. | 12 views

CVE-2011-0771

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

CVSS 6.8 | AI score 6.1 | EPSS 0.02062
Exploits: 0 | References: 6
Cvelist
added 2011/02/04 12:0 a.m. | 15 views

CVE-2011-0771

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

AI score 6.1 | EPSS 0.02062
Exploits: 0 | References: 6
OSV
added 2011/02/03 5:0 p.m. | 6 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

AI score 7.7
Exploits: 0 | References: 1
UbuntuCve
added 2011/02/03 5:0 p.m. | 20 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

CVSS 7.5 | AI score 6.2 | EPSS 0.02091
Exploits: 0 | References: 1
Prion
added 2011/02/03 5:0 p.m. | 13 views

Code injection

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

CVSS 7.5 | AI score 8 | EPSS 0.02091
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2011/02/03 4:0 p.m. | 18 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

AI score 7.5 | EPSS 0.02091
Exploits: 0 | References: 1
CVE
added 2011/02/03 4:0 p.m. | 48 views

CVE-2009-5053

Technical details about CVE-2009-5053 are not publicly provided in the supplied documents. Monitor for updates; current sources do not specify affected products, versions, or remediation within the provided material.

CVSS 7.5 | AI score 7.7 | EPSS 0.02091
Exploits: 0 | References: 1 | Affected Software: 1
modx
added 2011/01/28 2:13 a.m. | 475 views

MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabilities

Status: Solved Product: MODx Evolution Severity: High Versions: 1.0.4 and prior Advisory Date: 2011-01-26 Fixed Date: 2011-01-19 Impact: (a) A remote attacker may access or view arbitrary files on the server. (b) A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...

AI score 2.7
Exploits: 0 | Affected Software: 1
myhack58
added 2011/01/26 12:0 a.m. | 31 views

HDWiKi V 5.0 local include vulnerability 0Day-vulnerability warning-the black bar safety net

Release date: 2011-01. 2 3 Publishing author: HYrz Affected versions: HDWiKi V 5.0 Official website: http://kaiyuan.hudong.com Vulnerability type: a file that contains Vulnerability description: From the source code see there is indeed a problem,we just Upload a picture of the Trojan can be norma...

AI score 7.5
Exploits: 0
Japan Vulnerability Notes
added 2011/01/26 12:0 a.m. | 38 views

JVN#54092716: MODx Evolution vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx Evolution contains SQL injection vulnerability. Impact: A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution: Update the software. Update to the latest version according to the...

CVSS 7.5 | AI score 8.2 | EPSS 0.01725
Exploits: 0
NVD
added 2011/01/22 10:0 p.m. | 16 views

CVE-2011-0635

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php...

CVSS 6 | AI score 6.9 | EPSS 0.01919
Exploits: 1 | References: 6
Prion
added 2011/01/22 10:0 p.m. | 11 views

Code injection

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php...

CVSS 6 | AI score 7.4 | EPSS 0.01919
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2011/01/22 9:0 p.m. | 19 views

CVE-2011-0635

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php...

AI score 6.9 | EPSS 0.01919
Exploits: 1 | References: 6
CVE
added 2011/01/22 9:0 p.m. | 36 views

CVE-2011-0635

CVE-2011-0635 affects Simploo CMS 1.7.1 and earlier. The vulnerability is a static code injection flaw where remote authenticated users can inject arbitrary PHP into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation of index.php. ...

CVSS 6 | AI score 7.1 | EPSS 0.01919
Exploits: 1 | References: 6 | Affected Software: 1
myhack58
added 2011/01/22 12:0 a.m. | 15 views

HDWiKi V 5.0 local contains 0Day-vulnerability warning-the black bar safety net

Vulnerable file: \install\install.php Key code: ? php errorreportingEERROR | EWARNING | EPARSE; define'INHDWIKI', TRUE; define'HDWIKIROOT', '../'; $langname=$COOKIE'langname';/langname without any filter,direct from the Cookies deposited in langname/ ifisset$REQUEST'lang' / Detect whether the variable is...

AI score 7.5
Exploits: 0
0day.today
added 2011/01/20 12:0 a.m. | 55 views

Simploo CMS 1.7.1 PHP Code Execution

Exploit for php platform in category web applications Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits...

AI score 7.1
Exploits: 0
securityvulns
added 2011/01/20 12:0 a.m. | 107 views

Simploo CMS Community Edition - Remote PHP Code Execution Issue

Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CMS 1.7.1 and...

AI score 1.2
Exploits: 0
exploitpack
added 2011/01/19 12:0 a.m. | 25 views

Simploo CMS 1.7.1 - PHP Code Execution

Simploo CMS 1.7.1 - PHP Code Execution Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits =============...

AI score 0.1
Exploits: 0
Exploit DB
added 2011/01/19 12:0 a.m. | 41 views

Simploo CMS 1.7.1 - PHP Code Execution

Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of...

AI score 7.4
Exploits: 0
Prion
added 2011/01/13 7:0 p.m. | 15 views

Design/Logic Flaw

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVSS 6.8 | AI score 8 | EPSS 0.01175
Exploits: 0 | References: 3 | Affected Software: 1