Lucene search

85 matches found

Source: Cvelist (added 2020/03/09 11:41 p.m., 21 views)

CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...

CVSS 9.8, AI score 9.6, EPSS 0.08877
Exploits: 2, References: 1
Source: CVE (added 2020/03/09 11:41 p.m., 209 views)

CVE-2020-10257

CVE-2020-10257 concerns the WordPress ThemeREX Addons plugin prior to 2020-03-09. The issue is an access-control flaw in the /trx_addons/v2/get/sc_layout REST API endpoint: includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, allowing unauthenticated users...

CVSS 9.8, AI score 9.4, EPSS 0.08877
Exploits: 2, References: 1, Affected Software: 2
Source: Tenable Nessus (added 2020/01/21 12:00 a.m., 59 views)

openSUSE Security Update : php7 (openSUSE-2020-80)

This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed...

CVSS 6.5, AI score 6.8, EPSS 0.08818
Exploits: 3, References: 8
Source: WPVulnDB (added 2020/01/03 12:00 a.m., 10 views)

ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection

Description: "A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions." Affected: Divi version 3.23 and above, Extra 2.23 and above, Divi Builder version 2.23 and above...

AI score 7.8
Exploits: 0, References: 4
Source: RedhatCVE (added 2019/10/04 9:51 p.m., 23 views)

CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

CVSS 7.5, AI score 6.9, EPSS 0.01954
Exploits: 0, References: 3
Source: Kitploit (added 2019/09/26 9:00 p.m., 164 views)

FDsploit - File Inclusion And Directory Traversal Fuzzing, Enumeration & Exploitation Tool

A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. FDsploit menu: $ python fdsploit.py -h [ASCII-art banner omitted] ver. 1.2 Author: Christoforos Petrou (game0ver)! usage: fdsploit.py -u | -f -h -p -d -e 0,1,2 -t -b -x -c -v --params...

AI score 8.2
Exploits: 0, References: 1
Source: wpexploit (added 2017/10/11 12:00 a.m., 247 views)

Qards - Stored Cross-Site Scripting (XSS)

Google Dork: inurl:"plugins/qards" Qards provides you an easy option to drag and edit every part and element of your site in the front-end; you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

CVSS 4.3, AI score 6.4, EPSS 0.01933
Exploits: 2, References: 2
Source: Hacker One (added 2017/03/04 10:29 p.m., 14 views)

Rockstar Games: Unserialize leading to arbitrary PHP function invoke

In this report, the researcher was able to demonstrate a method to run arbitrary PHP functions on www.rockstargames.com. Although we had previously disabled most harmful PHP functions, it was still possible to cause serious damage if this were to be exploited by a malicious party. To solve this...

AI score 7
Exploits: 0
Source: Fedora (added 2016/12/08 3:21 a.m., 22 views)

[SECURITY] Fedora 23 Update: php-php-gettext-1.0.12-1.fc23

This library provides PHP functions to read MO files even when gettext is not compiled in or when the appropriate locale is not present on the system...

AI score 2.6
Exploits: 0
Source: Check Point Advisories (added 2016/11/27 12:00 a.m., 5 views)

FreePBX callmenum Remote Code Execution (CVE-2012-4869)

FreePBX is an open source software implementation of a telephone Private Branch eXchange (PBX). A code execution vulnerability exists in FreePBX software. A remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...

CVSS 7.5, AI score 3.4, EPSS 0.70252
Exploits: 2
Source: 0day.today (added 2016/06/20 12:00 a.m., 27 views)

sNews CMS 1.7.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent Remote Command Execution Cross Site Request Forgeries CSR...

AI score 7.1
Exploits: 0
Source: exploitpack (added 2016/06/20 12:00 a.m., 19 views)

sNews CMS 1.7.1 - Multiple Vulnerabilities

sNews CMS 1.7.1 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type:...

Exploits: 0
Source: RedHat Linux (added 2016/03/15 8:55 p.m., 3 views)

php: NULL pointer dereference in XSLTProcessor class

A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed PHP functions to be used as XSLT...

CVSS 7.5, AI score 7.1, EPSS 0.07276
Exploits: 0, References: 4
Source: 0day.today (added 2014/09/20 12:00 a.m., 62 views)

Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability Exploit Author : NULLPointer Contact : https://www.facebook.com/xenith.gianni Date : 20/09/2014 Vendor Homepage :...

AI score 7.1
Exploits: 0
Source: seebug.org (added 2014/07/01 12:00 a.m., 17 views)

Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficien...

AI score 7.1
Exploits: 0
Source: seebug.org (added 2014/07/01 12:00 a.m., 22 views)

FreePBX config.php Remote Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

AI score 7.1
Exploits: 0
Source: seebug.org (added 2014/07/01 12:00 a.m., 28 views)

Cometchat Application - Multiple Vulnerabilities

No description provided by source. Exploit-DB Note 20-02-2013: A security patch appears to have been released to address the issue: http://www.cometchat.com/blog/cometchat-critical-security-update/ Info: All Cometchat Application Multiple Vulnerabilities Cometchat is an application which can be us...

AI score 7.1
Exploits: 0
Source: Check Point Advisories (added 2014/05/18 12:00 a.m., 6 views)

FreePBX config php Code Execution (CVE-2014-1903)

FreePBX is an open source software implementation of a telephone Private Branch eXchange (PBX). A code execution vulnerability exists in FreePBX software. A remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...

AI score 3.3, EPSS 0.52186
Exploits: 12
Source: Packet Storm (added 2014/03/25 12:00 a.m., 31 views)

FreePBX config.php Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "FreePBX config.php Remote Code Execution", 'Description' => %q This module exploits a vulnerability found in FreePBX version 2.9, 2.10...

CVSS 7.5, AI score 6.4, EPSS 0.52186
Exploits: 12
Source: Friends Of PHP (added 2014/02/26 4:02 p.m., 12 views)

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

AI score 7.2
Exploits: 0, Affected Software: 1