1161 matches found

Packet Storm
added 2015/02/12 12:00 a.m. | 31 views

Maarch LetterBox 2.8 Unrestricted File Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Maarch LetterBox 2.8 Unrestricted File Upload', 'Description' = %q This module exploits a file upload vulnerabilit...

CVSS 7.5 | AI score 6.7 | EPSS 0.44188
Exploits: 4

Prion
added 2014/12/17 4:59 p.m. | 15 views

Design/Logic Flaw

The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...

CVSS 6.5 | AI score 7.8 | EPSS 0.50324
Exploits: 6 | References: 7 | Affected Software: 1

NVD
added 2014/12/17 4:59 p.m. | 22 views

CVE-2014-7285

The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...

CVSS 6.5 | AI score 7.3 | EPSS 0.50324
Exploits: 6 | References: 7

Cvelist
added 2014/12/17 4:00 p.m. | 32 views

CVE-2014-7285

The management console on the Symantec Web Gateway SWG appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts...

AI score 7.3 | EPSS 0.50324
Exploits: 6 | References: 7

CVE
added 2014/12/17 4:00 p.m. | 61 views

CVE-2014-7285

CVE-2014-7285 affects Symantec Web Gateway (SWG) appliances running versions prior to 5.2.2. The vulnerability is an authenticated OS command injection in the management console, due to improper input validation in PHP scripts (notably potentially in restore-related functionality). An authenticat...

CVSS 6.5 | AI score 8.8 | EPSS 0.50324
Exploits: 6 | References: 7 | Affected Software: 1

F5 Networks
added 2014/12/01 12:00 a.m. | 45 views

SOL15876 - PHP vulnerability CVE-2013-2110

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 5 | AI score 0.5 | EPSS 0.06748
Exploits: 1 | References: 4

Tenable Nessus
added 2014/11/21 12:00 a.m. | 105 views

FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)

Yii PHP Framework developers report: We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...

CVSS 7.5 | AI score 5.7 | EPSS 0.02122
Exploits: 0 | References: 3

Packet Storm
added 2014/09/23 12:00 a.m. | 55 views

X2Engine 4.1.7 Unrestricted File Upload

X2Engine = 4.1.7 FileUploadsFilter.php Unrestricted File Upload Vulnerability - Software Link: http://www.x2engine.com/ - Affected...

CVSS 5 | EPSS 0.03002
Exploits: 2

NVD
added 2014/07/03 5:55 p.m. | 26 views

CVE-2014-4672

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...

CVSS 7.5 | AI score 7.3 | EPSS 0.02122
Exploits: 0 | References: 1

Prion
added 2014/07/03 5:55 p.m. | 14 views

Code injection

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...

CVSS 7.5 | AI score 7.9 | EPSS 0.02122
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2014/07/03 5:00 p.m. | 33 views

CVE-2014-4672

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...

AI score 7.2 | EPSS 0.02122
Exploits: 0 | References: 1

CVE
added 2014/07/03 5:00 p.m. | 82 views

CVE-2014-4672

CVE-2014-4672 affects Yii PHP Framework 1.1.14: the CDetailView widget’s value property can be exploited to execute arbitrary PHP scripts on the server. Public documents state the issue arises when user input is used to configure the value attribute, enabling remote code execution. A fix was rele...

CVSS 7.5 | AI score 7.4 | EPSS 0.02122
Exploits: 0 | References: 1 | Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m. | 28 views

WoW Roster 1.5 hsList.php subdir Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19269/info WoW Roster is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to execute remote PHP scripts;...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 14 views

Jax PHP Scripts 1.0/1.34/2.14/3.31 formmailer.log User Sent Mail Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 17 views

SimpNews 2.0.1/2.13 PATH_SIMPNEWS Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI variable. This variab...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 66 views

KnowledgeBuilder 2.0/2.1/3.0 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9292/info KnowledgeBuilder is prone to a remote file include vulnerability. An attacker could exploit this to cause hostile PHP scripts to be included and executed from a remote server. This would occur in the security...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

Webchat 2.0 Module Path Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 18 views

VBZoom 1.0 - Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. The vulnerability is the result of VBZoom failing to properly validate the types of files that are...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 19 views

MyRoom 3.5 GOLD save_item.php Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6644/info A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system. Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

OABoard 1.0 Forum Script Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of...

AI score 7.1
Exploits: 0