Quiz and Survey Master < 7.0.2 - Unauthenticated Arbitrary File Upload

Because the plugin doesn't validate the name of the uploaded file, an unauthenticated user could upload a PHP script with a double extension, e.g., script.php.jpg, and execute it on HTTP servers running a configuration such as Apache + PHP FastCGI. Edit WPScanTeam: This appears to be due to an...

CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...

CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...

Design/Logic Flaw

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...

CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...

e-learning Php Script 0.1.0 - (search) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version...

e-learning PHP Script 0.1.0 SQL Injection

Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version: 0.1.0 Tested on: Kali Linux Source...

e-learning Php Script 0.1.0 - &#039;search&#039; SQL Injection

Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version: 0.1.0 Tested on: Kali Linux Source...

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

Code injection

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

Online Course Registration 2.0 SQL Injection

Exploit Title: Online Course Registration 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-04-25 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0 Tested on: Kali Linux...

Online Course Registration 2.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Course Registration 2.0 - Authentication Bypass Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0...

Online Course Registration 2.0 - Authentication Bypass

Exploit Title: Online Course Registration 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-04-25 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0 Tested on: Kali Linux...

JVN#85942151: mailform vulnerable to cross-site scripting

mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of an administrator who is accessing a website using mailform...

Remote Code Execution in extension "PHPUnit" (phpunit)

A PHP script located in “src/Util/PHP/eval-stdin.php” can be used to execute arbitrary PHP code in context of the webserver. The vulnerability is only exploitable if the vendor/ directory is publicly accessible...

CVE-2020-8440

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

Remote code execution

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

Neo Billing 3.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 Description...