421 matches found
drupal7 -- SQL injection
Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...
SA-CORE-2014-005 - Drupal core - SQL injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
Croogo 2.0.0 - Arbitrary PHP Code Execution
#!/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...
omegabill 1.0 build 6 - Multiple Vulnerabilities
No description provided by source. Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution...
Joomla! Component com_community 2.6 - Code Execution
Joomla! Component com_community 2.6 - Code Execution #!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note th...
CVE-2013-4557
The Security Screen core/securite/ecransecurite.php before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter...
DEBIAN-CVE-2013-4557
The Security Screen core/securite/ecransecurite.php before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter...
EC-CUBE vulnerable to code injection
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
CVE-2013-0132
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...
Jieqi (Jackie) CMS V1.6 PHP code execution 0day vulnerabilities EXP-vulnerability warning-the black bar safety net
Jackie website management system, referred to as the JIEQI CMS (China National Copyright Bureau copyright registration number: 2006SR03382), is a modular site-building system that is simple, flexible, high-performing, safe and reliable. We provide you with the current mos...
CVE-2011-5134
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: so...
CentOS Update for php53 CESA-2012:0547 centos5
Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2012:0547 centos5 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Drupal FCKEditor/CKEditor PHP Execution
<?php Exploit Title: Drupal FCKEditor/CKEditor module remote PHP execution Date: March 19, 2012 Author: Patroscon Software Link: http://drupal.org/project/ckeditor, http://drupal.org/project/fckeditor Version: FCKEditor 6.x-2.2, CKEditor 6.x-1.8, CKEditor 7.x-1.6. Tested on: Linux, Windows Vendor...
Horde 3.3.12 open_calendar.js Backdoor
A backdoored Horde release was detected on the remote host. The Horde FTP server was compromised, and backdoor code was added to allow arbitrary PHP execution. The backdoor reportedly was present in versions of Horde 3.3.12 downloaded between November 15, 2011 and February 7, 2012. A remote,...
Aphpkb 0.95.4 PHP Execution
------------------------------------------------------------------------ --PoC--...
Joomla 1.6.0 SQL Injection / PHP Execution
Requirements require 'msf/core' Class declaration class Metasploit3 'Joomla 1.6.0 // SQL Injection - PHP Execution', 'Description' = %q A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage...
OmegaBill 1.0 Build 6 Multiple Vulnerabilities
Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution Download................http://sourceforge.net/projects/omegabill/ Release...
omegabill 1.0 build 6 - Multiple Vulnerabilities
Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution...