853 matches found
UploadiFive Arbitrary File Upload Vulnerability
Exploit for php platform in category local exploits...
NetOffice Dwins 1.4p3 - SQL Injection
Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut...
Multiple vulnerabilities in BabyGekko
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BabyGekko, which can be exploited to include local PHP files, perform SQL Injection and Cross-Site Scripting (XSS) attacks. 1) Multiple SQL Injections in BabyGekko: CVE-2012-5698 Two SQL injections exist in BabyGekko...
CVE-2011-5196
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
CVE-2011-5197
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
CVE-2011-5196
The CVE-2011-5196 entry concerns Public Knowledge Project Open Journal Systems (OJS) prior to version 2.3.6, with a CSRF flaw in the index/manager/fileUpload path. The underlying issue allows an attacker to hijack an administrator’s session and perform requests that upload PHP files. The document...
Sql injection
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) seldomainid or (2) action parameter to obm.php; (3) tfuser parameter in a search action to group/groupindex.php; (4)...
Code injection
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php...
CVE-2012-1645
The Drupal CDN module (versions 6.x-2.2 and 7.x-2.2) is affected when used in Origin Pull mode with the Far Future expiration option. The vulnerability allows remote attackers to read arbitrary PHP files from the site (demonstrated by reading settings.php) via unspecified vectors, due to how the ...
CVE-2012-1645
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php...
Information disclosure
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error...
http-phpself-xss NSE Script
Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $_SERVER["PHP_SELF"]. This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross site scripting vulnerabilities. PHP_SELF...
Kerio WinRoute Firewall Web Server Remote Source Code Disclosure
By sending specially crafted requests with a NULL byte followed by an extension such as '.txt', an unauthenticated, remote attacker can obtain the source code of PHP files available through the version of Kerio WinRoute Firewall installed on the remote host.
EAFlashUpload Remote File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title : EAFlashUpload Remote File Upload Date : 27-5-2012 Author : Dr.SiLnT HilL Version : 2.6 Dork : inurl:"EAFlashUpload" Download :...
Web2bizz Remote File UPLOAD
Exploit for php platform in category web applications Exploit Title : Web2bizz Pvt. Ltd. RFUPLOAD Date : 20-04-2012 Author : TeaM MosTa Version : /N/ Dork : "Powered ...
CVE-2012-2269
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to...
Supernet CMS Blind SQL injection
Exploit for php platform in category web applications Exploit Title: Supernet CMS BlindSQLi Date: 22.03.2012 Google Dork/s: Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com allintext:"Vse pravice pridržane | © 2006 Supernet.si" site:.si allintext:"Vse pravice pridržane | © 2007 Supernet.si"...