Real Estate Custom Script 1.0 SQL Injection
Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email:...
Real Estate Custom Script - route SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Real Estate Custom Script - 'route' SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on: Kali Linux...
Arbitrary File Read Vulnerability in LFCMS Version 3.4.0
LFCMS is a film and television content management system developed in PHP and based on the ThinkPHP framework, suitable for all kinds of video, film and television websites. LFCMS version 3.4.0 has an arbitrary file read vulnerability; attackers can use the vulnerability to obtain the source code o...
Debian DLA-1241-1 : libkohana2-php security update
David Sopas discovered that Kohana, a PHP framework, was vulnerable to a cross-site scripting (XSS) attack that allowed remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. This issue was resolved by...
[SECURITY] Fedora 27 Update: php-symfony4-4.0.1-1.fc27
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
SQL Injection Vulnerability in check_need_status, check_pay_sum Methods of WK+shop General Mall System
WK+shop is a mall system based on PHP+MySQL, developed using the ThinkPHP 5.0 framework, which combines the Witcott mission system with multiple mall systems. The check_need_status and check_pay_sum methods of the WK+shop general mall system have a SQL injection vulnerability; attackers can construct a specif...
[SECURITY] Fedora 26 Update: php-symfony-2.8.25-1.fc26
PHP framework for web projects...
Finecms SQL Injection Vulnerability
FineCMS is a small and medium-sized content management system based on the PHP+MySql+CI framework. A SQL injection vulnerability exists in Finecms 5.0.8 and earlier versions because the program fails to effectively filter user input parameters, which allows attackers to exploit the vulnerability by writi...
Debian Security Advisory DSA 3588-1 (symfony - security update)
Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the outp...
DSA-3588-1 symfony - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3588-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 22 Update: php-symfony-2.7.13-1.fc22
PHP framework for web projects...
[SECURITY] Fedora 24 Update: php-symfony-2.7.13-1.fc24
PHP framework for web projects...
MGASA-2016-0156 Updated php-ZendFramework packages fix security vulnerability
The php-ZendFramework package has been updated to version 1.12.18 to fix a potential information disclosure and insufficient entropy vulnerability in the word CAPTCHA (ZF2015-09) and several other functions (ZF2016-01)...
Symfony PHP Framework Session Fixation
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the session ID value...
[SECURITY] Fedora 22 Update: php-symfony-2.7.7-2.fc22
PHP framework for web projects...
[SECURITY] Fedora 23 Update: php-symfony-2.7.7-2.fc23
PHP framework for web projects...
Neos CMS 2.0.3 Cross Site Scripting / Shell Upload Vulnerabilities
Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities. Exploit Title: Neos/Flow multiple vulnerabilities Date: 24/11/2015 Author: Mickael Dorigny @ Synetis Vendor or Software Link: https://www.neos.io/ Version: = 2.0.3 Category: Multiple Vulnerabilities...
Neos CMS 2.0.3 Cross Site Scripting / Shell Upload
Exploit Title: Neos/Flow multiple vulnerabilities Date: 24/11/2015 Author: Mickael Dorigny @ Synetis Vendor or Software Link: https://www.neos.io/ Version: = 2.0.3 Category: Multiple Vulnerabilities Tested on : Neos 2.0.3 Neos/Flow Content Application Platform description :...
Debian DSA-3369-1 : zendframework - security update
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework: - CVE-2015-5723: It was discovered that due to incorrect permissions masks when creating directories, local attackers could potentially execute arbitrary code or escalate privileges. - ZF2015-08 (no CVE assigned): Chris...