7219 matches found
Sugar CRM 5.5.0.rc25.2.0j - Multiple Vulnerabilities
Sugar CRM 5.5.0.rc25.2.0j - Multiple Vulnerabilities Author: Janek Vind 'waraxe' Vulnerable: SugarCRM SugarCRM 5.5.0.RC2 SugarCRM SugarCRM 5.2.0j Product: http://www.sugarcrm.com/crm/ Description: SugarCRM is prone to multiple remote vulnerabilities, including: 1. Multiple SQL-injection...
CVE-2009-4094
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter...
OpenX <= 2.8.1 Arbitrary PHP Code Execution
No description provided by source. OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the...
WordPress Multiple Vulnerabilities (Nov 2009)
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
WordPress 2.8.5 Shell Upload
============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted File Upload Arbitrary PHP Code...
FreeBSD : wordpress -- multiple vulnerabilities (0640198a-d117-11de-b667-0030843d3802)
Secunia reports: The security issue is caused due to the wp_check_filetype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...
Jumi Component for Joomla! <= 2.0.5 Backdoor Detection
The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...
New Wordpress Update Thwarts Malware
The WordPress developers have released security update 2.8.6 to fix two vulnerabilities. WordPress users are advised to install the update as soon as possible if untrusted authors can add content and upload images. At least one of the bugs allows attackers to inject and execute arbitrary PHP code...
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted...
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted File Upload Arbitrary PHP Code...
osCommerce file_manager.php Arbitrary PHP Code Injection
The version of osCommerce hosted on the remote web server allows a remote attacker to access the Admin filemanager utility without authentication. Further, this utility appears to allow arbitrary PHP code to be stored in files under the web server's document directory and then executed subject to...
osCommerce file_manager.php Arbitrary PHP Code Injection (intrusive check)
The version of osCommerce hosted on the remote web server allows a remote attacker to access the Admin filemanager utility without authentication. Further, this utility appears to allow arbitrary PHP code to be stored in files under the web server's document directory and then executed subject to...
TikiWiki jhot Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TikiWiki jhot...
CVE-2009-3817
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this...
Code injection
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
CVE-2009-3814
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
Code injection
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...
CVE-2009-3760
CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...
WordPress Zaps Security Bugs in 'Hardening Release'
The WordPress blog software has been upgraded to version 2.8.5 to backport a number of security hardening changes to make WordPress-powered blogs more secure. Here’s a glimpse of some of the security fixes being pushed out: A fix for the Trackback Denial-of-Service attack that is currently being...
Piwik Build 1357 2009-08-02 Remote File Upload
Piwik Build , fclose$jfh; ? IV. PROOF OF CONCEPT ./libs/open-flash-chart/php-ofc-library/ofcuploadimag...