127 matches found
CVE-2014-7178
Enalean Tuleap prior to 7.5 (listed variants include 7.4.99.5 and earlier; fixed in 7.5) is vulnerable to remote command execution via the User-Agent header passed to the passthru PHP function (via the SVN handler page). This is triggered by crafted requests such as /svn/viewvc.php/?roottype=svn&...
CVE-2014-7178
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
DSA-2853-1 horde3 - Remote code execution
Bulletin has no description...
WordPress Semper Fi Cross Site Scripting
------------------------------------------------------------------------ Vendor: Semper Fi Web Design http://semperfiwebdesign.com/ Software: All in One SEO Pack Developer: Michael Torbert http://michaeltorbert.com/ Product URL: http://wordpress.org/plugins/all-in-one-seo-pack/ Changelog:...
PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PineApp Mail-SeCure ldapsyncnow.php...
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires Metasploi...
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...
Narcissus Image Configuration - Passthru (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Narcissus Image...
WordPress Facebook Survey Plugin 1.0 - SQL Injection
This WordPress Facebook Survey plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Filter the "id" input or use the intval PHP function to make sure...
phpcms 2008 product.php pagesize parameter code injection vulnerability - vulnerability warning - the black bar safety net
SSV-Appdir: phpcms Published: 2011-10-12 Affected version: phpcms 2008 Vulnerability description: Because the phpcms 2008 code handles the template parameter improperly, an arbitrary code file can be executed. The specific code path that triggers this is: phpcms/yp/product...
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
$Id: phpldapadminqueryengine.rb 14062 2011-10-25 16:19:55Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2011-3580
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function...
Design/Logic Flaw
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
PHP application vulnerability causes and prevention methods-vulnerability warning-the black bar safety net
Include abuse 1. Vulnerability causes: include is one of the most commonly used functions when writing a PHP website, and it supports relative paths. Many PHP scripts pass an input variable directly as the include parameter, which allows arbitrary scripts to be referenced, leaks absolute paths, and other...
Seo Panel 2.1.0 - Critical File Disclosure
Seo Panel - Critical File Disclosure Versions Affected: 2.1.0 previous versions were not checked. Info: A complete open source seo control panel for managing search engine optimization of your websites. Seo Panel is a seo tool kit includes latest hot seo tools to increase and track the performance...
Zen Cart 1.3.9h Local File Inclusion Vulnerability
Exploit for php platform in category web applications ================================================== Zen Cart 1.3.9h Local File Inclusion Vulnerability ================================================== Name Zen Cart Vendor http://www.zen-cart.com Versions Affected 1.3.9h Author Salvatore...
Zen Cart 1.3.9h - Local File Inclusion
Zen Cart 1.3.9h Local File Inclusion Vulnerability Name Zen Cart Vendor http://www.zen-cart.com Versions Affected 1.3.9h Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-11-03 X. INDEX I. ABOUT THE APPLICATION II...
Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities
Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities Name Canteen Vendor http://www.miniwork.eu Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-04-07 X. INDEX I. ABOUT THE APPLICATION II...