CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

Pimcore Gather Credentials via SQL Injection

This module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcore's REST API. Pimcore begins to create password hashes by concatenating a user's username, the name of the application, and the user's password in t...

CVE-2018-10522

In CMS Made Simple CMSMS through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP filegetcontents function...

CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitizeuri function in lib/functions.php...

CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

[SECURITY] [DLA 758-1] libgd2 security update

Package : libgd2 Version : 2.0.36rc1dfsg-6.1+deb7u7 CVE ID : CVE-2016-9933 Debian Bug : 849038 It was discovered that invalid color causes stack exhaustion by recursive call to function gdImageFillToBorder when the image used is truecolor. The vulnerability can be exploited through php5 which use...

PHP 5.6.x < 5.6.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the phpwddxpushelement function in ext/wddx/wddx.c that is triggered when decoding empty boolean...

Non-Exploitable Security Issues

Invalid Code The following code was found in the XOOPS project. User input is saved in the variable $filter and then used in a call to eval - a security nightmare. image.php 301 302 303 $filter = isset$GETfilter ? $GETfilter : false; $destinationimage = imagecreatetruecolor$tnwidth, $tnheight;...

InfraPower PPS-02-S Q213V1 - Remote Command Execution

InfraPower PPS-02-S Q213V1 - Remote Command Execution InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

Fashion Shopping Cart 0.1 - SQL Injection

Exploit Title.............. Fashion Shopping Cart SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10435 Software Link...

Health Record System 0.1 - Authentication Bypass

Health Record System 0.1 - Authentication Bypass Exploit Title.............. Health Record System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10430 Software...

Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution

i? Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1....

CVE-2016-6288

The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type...

CVE-2016-6296

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...

Centreon 2.5.3 Code Execution

Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreon logging class allowing remote users to...

Centreon 2.5.3 - Remote Command Execution

Centreon 2.5.3 - Remote Command Execution Unauthenticated Remote Command Execution in Centreon Web Interface ================================================================== Description =========== Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreo...

SSO Authentication Bypass and Website Takeover in DOKEOS

High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass authentication process and login to the vulnerable website with an arbitrary account including administrator's one. Successful...

CVE-2014-7178

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...

Design/Logic Flaw

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...