857 matches found

securityvulns
added 2015/08/24 12:0 a.m., 212 views

3KITS CMS - SQL Injection Vulnerability

Title: 3KITS CMS - SQL Injection Vulnerability | Date: 23 - July - 2015 | Vendor Homepage: http://www.3kits.com/ | Version: All Versions | Tested on: Nginx/1.4.5, PHP/5.2.17, Linux - Windows | Category: webapps | Google Dorks...

AI score: 0.5
Exploits: 0

0day.today
added 2015/08/16 12:0 a.m., 33 views

Thomson Reuters FATCA v5.1.0.30 - Local File Inclusion Vulnerability

Exploit for hardware platform in category web applications Title: Thomson Reuters FATCA - Local File Inclusion Author: Jakub Pałaczyński Date: 10. June 2015 CVE: CVE-2015-5952 Affected software: ================== All versions of Thomson Reuters FATCA below v5.2 Exploit was tested on:...

AI score: 9.2 | EPSS: 0.03424
Exploits: 2

0day.today
added 2015/07/13 12:0 a.m., 28 views

WordPress GD bbPress Attachments 2.1 Cross Site Scripting / Local File Inclusion Vulnerabilities

WordPress GD bbPress Attachments plugin version 2.1 suffers from cross site scripting and local file inclusion vulnerabilities. Details: Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report:...

AI score: 6.7
Exploits: 0

Packet Storm
added 2015/07/12 12:0 a.m., 36 views

WordPress GD bbPress Attachments 2.1 Local File Inclusion

Details: Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/ CV...

AI score: 7.4
Exploits: 0

0day.today
added 2015/07/11 12:0 a.m., 25 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...

AI score: 7.6
Exploits: 0

Cvelist
added 2015/06/10 6:0 p.m., 28 views

CVE-2015-4153

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a loadtemplate action to wp-admin/admin-ajax.php...

AI score: 9.6 | EPSS: 0.13405
Exploits: 5 | References: 6

securityvulns
added 2015/05/11 12:0 a.m., 151 views

Sqlbuddy Path Traversal Vulnerability

Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...

AI score: 0.2
Exploits: 0

Prion
added 2015/04/29 10:59 p.m., 12 views

Design/Logic Flaw

The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.06053
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2015/04/29 10:59 p.m., 15 views

Directory traversal

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.14396
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2015/04/29 10:0 p.m., 27 views

CVE-2015-1398

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the...

AI score: 7 | EPSS: 0.14396
Exploits: 1 | References: 3

CVE
added 2015/04/29 10:0 p.m., 57 views

CVE-2015-1398

Magento CE 1.9.1.0 and EE 1.14.1.0 are affected by multiple directory traversal vulnerabilities. An authenticated remote attacker can include and execute PHP files via (1) .. sequences in PATH_INFO to index.php, and (2) the ___directive parameter in Cms_Wysiwyg (Adminhtml) related to blockDirecti...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.14396
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2015/04/29 10:0 p.m., 23 views

CVE-2015-3458

The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

AI score: 7.4 | EPSS: 0.06053
Exploits: 1 | References: 4

0day.today
added 2015/03/27 12:0 a.m., 28 views

Berta CMS File Upload Bypass Vulnerability

Exploit for php platform in category web applications Berta CMS is a web based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we checked the file upload...

AI score: 7.1
Exploits: 0

0day.today
added 2015/02/08 12:0 a.m., 22 views

DES exposure checker - Arbitrary File Download Vulnerability

DES exposure checker is a free web application, used to see how real DES images look. This vulnerability allows any kind of user to download a file from the distant server, like PHP files, TXT files, etc. Theory : http://SERVER/getImage.php?name=FILE.EXT Example :...

AI score: 7
Exploits: 0

Packet Storm
added 2015/01/13 12:0 a.m., 43 views

Facebook Open Redirect

Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability Domain: http://www.facebook.com Discover: Wang Jing, School of Physical and Mathematical Sciences SPMS, Nanyang Technological University NTU, Singapore...

AI score: 7.4
Exploits: 0

0day.today
added 2014/12/02 12:0 a.m., 64 views

TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution Vulnerability

The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.05573
Exploits: 4

NVD
added 2014/08/14 2:55 p.m., 21 views

CVE-2012-0939

Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the reqspecid parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some ...

CVSS: 6.5 | AI score: 8 | EPSS: 0.01176
Exploits: 2 | References: 7

seebug.org
added 2014/07/01 12:0 a.m., 10 views

VisNetic WebMail 5.8.6 .6 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8018/info VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 113 views

Mail Manage EX 3.1.8 MMEX Script Settings Parameter Remote PHP File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

IAPR COMMENCE 1.3 - Multiple Remote File Inclusion Vulnerability

No description provided by source. iaprcommence 1.3 RFI | Author: ShAy6oOoN | Group: PitBull Crew | Script: iaprcommence 1.3 | Download:...

AI score: 7.1
Exploits: 0