1408 matches found
Symantec Web Gateway < 5.2.2 Authenticated OS Command Injection (SYM14-016)
According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway prior to version 5.2.2. It is, therefore, affected by an operating system (OS) command injection vulnerability in an unspecified PHP script which impacts the management console. A remote...
Symantec Web Gateway < 5.2.2 Command Injection Vulnerability
Symantec Web Gateway is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Symantec Web Gateway OS Authenticated Command Injection
SUMMARY: Symantec's Web Gateway (SWG) Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS: Product: Symantec Web Gateway Appliance | Version: 5.2.1 and prior | Solution: Symantec Web Gateway 5.2...
LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize the 'hostname' value retrieved from log files. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be...
Creative Contact Form - Arbitrary File Upload
No description provided by source. "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...
Mayhem Shellshock Infection Attempt
Mayhem uses a PHP script to drop malicious objects to the affected client...
[SECURITY] [DSA 3064-1] php5 security update
Debian Security Advisory DSA-3064-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 04, 2014 http://www.debian.org/security/faq -...
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
"Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage: https://profiles.wordpress.org/creative-solutions-1/ Software Link:...
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...
TimThumb 'timthumb.php' WebShot 'src' Parameter Remote Command Execution
The TimThumb 'timthumb.php' script installed on the remote host is affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this issue to execute arbitrary commands on the...
Mayhem — A New Malware Targets Linux and FreeBSD Web Servers
Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them part of a wide botnet, even without the need for any root privileges. Researchers dubbed the malware Mayhem, a nast...
LoudBlog 0.41 index.php template Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...
Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability
No description provided by source. 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION: A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticat...
Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit
No description provided by source. #!/usr/bin/python Exploit Title : Astium VoIP PBX <= v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...
PayPal Store Front 3.0 'index.php' Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This...
Tours Manager 1.0 - (cityview.php cityid) SQL Injection Vulnerability
No description provided by source. IN THE NAME OF ALLAH Tour...
Gallery 1.4 index.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includes the...
Pluxml 0.3.1 - Remote Code Execution Exploit
No description provided by source. ?php C:\ sploit.php -url http://victim.com/pluxml0.3.1/ -ip 90.27.10.196 /Waiting for connection on http://90.27.10.196:80/ !Now you have to make the victim to click on the url +Received 395 bytes from 182.26.54.2:2007 +Sending 366 bytes to 182.26.54.2:2007...
AutoIndex PHP Script 2.2.2/2.2.3 Index.PHP Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume...
Ultimate Uploader 1.3 - Remote File Upload Vulnerability
No description provided by source. Script Name : Ultimate Uploader 1.3 Language : php Vendor : http://www.element-it.com Author : Master Mind Home : www.shdowskill.com , www.vbspiders.com...