1161 matches found
Maarch LetterBox 2.8 Unrestricted File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Maarch LetterBox 2.8 Unrestricted File Upload', 'Description' = %q This module exploits a file upload vulnerabilit...
CVE-2014-7285
The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...
Design/Logic Flaw
The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...
CVE-2014-7285
CVE-2014-7285 affects Symantec Web Gateway (SWG) appliances running versions prior to 5.2.2. The vulnerability is an authenticated OS command injection in the management console, due to improper input validation in PHP scripts (notably potentially in restore-related functionality). An authenticat...
SOL15876 - PHP vulnerability CVE-2013-2110
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)
Yii PHP Framework developers report : We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...
X2Engine 4.1.7 Unrestricted File Upload
X2Engine = 4.1.7 FileUploadsFilter.php Unrestricted File Upload Vulnerability - Software Link: http://www.x2engine.com/ - Affected...
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
Code injection
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
CVE-2014-4672
CVE-2014-4672 affects Yii PHP Framework 1.1.14: the CDetailView widget’s value property can be exploited to execute arbitrary PHP scripts on the server. Public documents state the issue arises when user input is used to configure the value attribute, enabling remote code execution. A fix was rele...
RIPS <= 0.53 Multiple Local File Inclusion Vulnerabilities
No description provided by source. RIPS <= 0.53 Multiple Local File Inclusion Vulnerabilities Google Dork: allintitle: RIPS - A static source code analyser for vulnerabilities in PHP scripts Although this script is not intended to be accessible from the internet, there are some websites that host it...
JSBoard 2.0.x Remote Arbitrary Script Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If...
VBZoom 1.0 - Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. The vulnerability is the result of VBZoom failing to properly validate the types of files that are...
SAGU-PRO 1.0 - Multiple Remote File Include Vulnerability
No description provided by source. SAGU-PRO v1.0 Multiple Remote File Include Vulnerability Script: http://gulbf.com.br/?q=node/145 Author: mat Mail: [email protected]...
Jax PHP Scripts 1.0/1.34/2.14/3.31 jax_linklists.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
vAuthenticate 2.8 - Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6605/info A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attack...
WoW Roster 1.5 hsList.php subdir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19269/info WoW Roster is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to execute remote PHP scripts;...
A+ PHP Scripts News Management System 0.3 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue. An...