
1408 matches found

Metasploit
added 2013/03/26 11:2 a.m., 17 views

Joomla Component JCE File Upload Remote Code Execution

This module exploits a vulnerability in the JCE component for Joomla!, which could allow an unauthenticated remote attacker to upload arbitrary files, caused by a failure to sufficiently sanitize user-supplied input. By sending a specially crafted HTTP request, a remote attacker could exploit this...

AI score 8
Exploits: 0

exploitpack
added 2013/03/25 12:0 a.m., 29 views

ClipShare 4.1.1 - gid Blind SQL Injection

ClipShare 4.1.1 - gid Blind SQL Injection Exploit Title: ClipShare 4.1.1 gmembers.php Blind SQL Injection Vulnerability Exploit Author: Esac Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software License: Commercial. all versions ar...

AI score 0.1
Exploits: 0

Exploit DB
added 2013/03/25 12:0 a.m., 19 views

ClipShare 4.1.1 - 'gid' Blind SQL Injection

Exploit Title: ClipShare 4.1.1 gmembers.php Blind SQL Injection Vulnerability Exploit Author: Esac Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software License: Commercial. all versions are vulnerable: Note : this vulnerable work...

AI score 7
Exploits: 0

Packet Storm
added 2013/02/13 12:0 a.m., 31 views

OpenEMR 4.1.1 Shell Upload

?php / OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows,...

AI score 7.4
Exploits: 0

securityvulns
added 2013/01/28 12:0 a.m., 68 views

[SECURITY] [DSA 2610-1] ganglia security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2610-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 21, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 2.4, EPSS 0.13656
Exploits: 5

Tenable Nessus
added 2013/01/28 12:0 a.m., 28 views

Uploader Plugin for WordPress File Upload Arbitrary Code Execution

The Uploader Plugin for WordPress installed on the remote host is affected by a file upload vulnerability due to a failure to properly verify or sanitize user-uploaded files. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on th...

AI score 6
Exploits: 0, References: 1

Tenable Nessus
added 2013/01/25 12:0 a.m., 22 views

Forums Plugin for WordPress 'url' Parameter Arbitrary File Disclosure

The Forums Plugin for WordPress installed on the remote host is affected by an information disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'url' parameter of the zingforumoutput function in the zingiri-forum/forum.php script. An unauthenticated, remote...

CVSS 5, AI score 5.6, EPSS 0.01077
Exploits: 0, References: 3

Tenable Nessus
added 2013/01/24 12:0 a.m., 79 views

Google Doc Embedder Plugin for WordPress 'File' Parameter Traversal Arbitrary File Disclosure

The Google Doc Embedder Plugin for WordPress installed on the remote host is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter of the 'libs/pdf.php' script. This vulnerability could allow an unauthenticated, remote attack...

CVSS 5, AI score 5.8, EPSS 0.77356
Exploits: 4, References: 2

OSV
added 2013/01/21 12:0 a.m., 21 views

DSA-2610-1 ganglia - remote code execution

Bulletin has no description...

CVSS 7.5, AI score 6, EPSS 0.13656
Exploits: 5

OpenVAS
added 2013/01/21 12:0 a.m., 29 views

Debian Security Advisory DSA 2610-1 (ganglia - arbitrary script execution)

Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. OpenVAS Vulnerability Test $Id: deb2610.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2610-1 using...

CVSS 7.5, AI score 6.5, EPSS 0.13656
Exploits: 5, References: 1

OpenVAS
added 2013/01/20 12:0 a.m., 19 views

Debian: Security Advisory (DSA-2610-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.13656
Exploits: 5, References: 3

RedHat Linux
added 2013/01/08 4:20 a.m., 35 views

Low: Red Hat Security Advisory: squirrelmail security and bug fix update

An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 5, AI score 6.7, EPSS 0.02574
Exploits: 0, References: 12

0day.today
added 2013/01/02 12:0 a.m., 19 views

Astium VoIP PBX <= v2.1 build 25399 Multiple Vulns Remote Root Exploit

Exploit for php platform in category web applications !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

AI score 7.1
Exploits: 0

Exploit DB
added 2013/01/02 12:0 a.m., 22 views

Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution

!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

AI score 7.4
Exploits: 0

Packet Storm
added 2013/01/02 12:0 a.m., 19 views

Astium VoIP PBX 2.1 Remote Root

!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

AI score 0.2
Exploits: 0

exploitpack
added 2013/01/02 12:0 a.m., 12 views

Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities/Remote Command Execution

Astium VoIP PBX 2.1 build 25399 - Multiple VulnerabilitiesRemote Command Execution !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

AI score 0.4
Exploits: 0

NVD
added 2012/12/23 9:55 p.m., 10 views

CVE-2012-6428

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...

CVSS 10, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 2

Prion
added 2012/12/23 9:55 p.m., 16 views

Hardcoded credentials

Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862...

CVSS 10, AI score 7.2, EPSS 0.18257
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2012/12/23 9:0 p.m., 18 views

CVE-2012-6428 Carlo Gavazzi EOS Box Hard-Coded Credentials

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...

CVSS 10, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 1

Positive Technologies
added 2012/12/23 12:0 a.m., 4 views

PT-2012-6275 · Carlo Gavazzi · Eos-Box

Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to obtain administrative access by reading a password in a PHP script. This is due to the establishment of multiple hardcoded accounts...

CVSS 10, AI score 6.8, EPSS 0.00242
Exploits: 0, References: 4