Pandora FMS Authentication Bypass And Multiple Input Validation Vulnerabilities

Pandora FMS is prone to an authentication-bypass vulnerability as well as the following input-validation vulnerabilities: 1. A command-injection vulnerability 2. Multiple SQL-injection vulnerabilities 3. A remote file-include vulnerability 4. An arbitrary PHP-code-execution vulnerability 5...

vtiger CRM phprint.php lang_crm Parameter Local File Inclusion

The version of vtiger CRM installed on the remote host does not sanitize user input to the 'langcrm' parameter of the 'phprint.php' script before using it to include PHP code. An unauthenticated, remote attacker may be able to leverage this issue to view arbitrary files or possibly execute...

RSForm! Component for Joomla! 'lang' Parameter Local File Include

The version of the RSForm! component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'lang' parameter before using it in the forme.php script to include PHP code. An unauthenticated, remote attacke...

MetInfo 3.0 PHP code injection vulnerability(getshell)-vulnerability warning-the black bar safety net

Official website: http://www.metinfo.cn/ Keyword:"Powered by MetInfo 3.0" Description: In the file/include/common. inc. php 6 line 7: evalbase64decode$allclass0; $allclass0 variable is not initialized, so we can control its value, the code injection use. POC: the...

JAF CMS Multiple Remote File Include and Remote Shell Command Execution Vulnerabilities

JAF CMS is prone to an shell-command-execution vulnerability and multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context...

RoSPORA <= 1.5.0 Remote PHP Code Injection

Exploit for php platform in category web applications ========================================== RoSPORA '; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.'...

RoSPORA 1.5.0 - Remote PHP Code Injection

RoSPORA 1.5.0 - Remote PHP Code Injection '; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter...

RoSPORA 1.5.0 - Remote PHP Code Injection

'; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter passed through $GET's' isn't properly...

Joomla! JomSocial component arbitrary file upload vulnerability and fix-vulnerability warning-the black bar safety net

Affected version: JomSocial JomSocial 1.8.9 vulnerability description: Joomla! Is an open source content management system CMS to. Joomla! JomSocialy Assembly on the realization of the presence of design vulnerabilities, a remote attacker could exploit this vulnerability to upload arbitrary files...

Webboard (topic_id=) SQL Injection Vulnerability

Exploit for php platform in category web applications ================================================ Webboard topicid= SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. cucunya kongSANUN ;...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 body, 2 footer, 3 header, 4 menuleft, or 5 menuright parameter...

Multi-lingual E-Commerce System 0.2 Multiple Vulnerabilities - Active Check

Multi-lingual E-Commerce System is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP168 V6. 0 2 getshell 0day-vulnerability warning-the black bar safety net

First register a member,after landing on the address bar submit: http://v6.php168.com/member/post.php?only=1&showHtmlTypebencandy1=$phpinfo&aid=1&job=endHTML You can see the implementation of the phpinfo...

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

Joomla Component Mosets Tree 2.1.5 Shell Upload Vulnerability

No description provided by source. Exploit Title: Joomla Component Mosets Tree 2.1.5 Shell Upload Vulnerability Date: 6 September 2010 Author: jdc Software Link: http://www.mosets.com/tree/ Version: 2.1.5 Patched: 2.1.6 Tested on: PHP5, MySQL5 Mosets Tree suffers from a shell upload vulnerabilty...

openx -- remote code execution vulnerability

The OpenX project reported: It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. This vulnerability exists in the file upload functionality and allows...

Pecio CMS 'template' Multiple Remote File Include Vulnerabilities

This host is running Pecio CMS and is prone to multiple remote file inclusion vulnerabilities. OpenVAS Vulnerability Test $Id: gbpeciocmsmultrfivuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Pecio CMS 'template' Multiple Remote File Include Vulnerabilities Authors: Madhuri D Copyright: Copyright c...

Pecio CMS <= 2.0.5 Multiple RFI Vulnerabilities

Pecio CMS is prone to multiple remote file inclusion RFI vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

CVE-2010-3209

Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to 1 Config/Container.php and 2 HTML/QuickForm.php in fog/lib/pear/, the 3 driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the...

CVE-2010-3205

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...