950 matches found
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting that results in PHP code injection. Affected product/version is explicitly stated (ExpressionEngine 3.4.2). The impact is described as XSS leading to PHP code execution, with no explicit exploit details, vectors, or affected co...
MyBB 1.8.13 - Remote Code Execution
Exploit Title: RCE in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn't require it in some special cases. The...
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection Vulnerabilities
Exploit for php platform in category web applications Meta Tags File Footer File...
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection Meta Tags File Footer File...
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
Meta Tags File Footer File...
CVE-2017-14048
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
Exploit for windows platform in category web applications Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data...
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data server for enterprise and workgroup computing. IBM Informi...
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, lo...
MGASA-2017-0141 Updated mhonarc packages fix security vulnerability
MHonArc before 2.6.19 is vulnerable to PHP code injection via commentized subjects. This update fixes it...
Updated mhonarc packages fix security vulnerability
MHonArc before 2.6.19 is vulnerable to PHP code injection via commentized subjects. This update fixes it...
BanManager WebUI PHP Code Injection Vulnerability
BanManager is a SQL-based disablement management system. A PHP code injection vulnerability exists in BanManager WebUI version 1.5.8. The vulnerability can be exploited to execute arbitrary code because the 'setting.php' page does not validate the input parameters when doing an update operation...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
BanManager WebUI 1.5.8 - PHP Code Injection Vulnerability
Exploit for php platform in category web applications BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI Software Link:...
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability',...
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/ Tested on: MSWin32 Version: 3.3.1 Explanation :...
Paragon Initiative Enterprises: BAD Code !
Hi sir, My name is Ahmed Kohly and I'm the biggest hacker on EGYPT, I'm also who hacked ISIS pages with my friend Ahmed Samara we are so dangerous. so don't trust me Please . Anyway, I've found that your code here https://github.com/paragonie/airship/blob/master/tools/audithelper.php , is startin...
Security update for phpMyAdmin (important)
phpMyAdmin was updated to version 4.4.15.8 2016-08-16 to fix the following issues: - Upstream changelog for 4.4.15.8: Improve session cookie code for openid.php and signon.php example files Full path disclosure in openid.php and signon.php example files Unsafe generation of BlowfishSecret when no...
PT-2022-23020
Name of the Vulnerable Software and Affected Versions GLPI versions through 10.0.2 Description The issue allows PHP code injection in the htmlawed module, specifically through the /vendor/htmlawed/htmlawed/htmLawedTest.php file. Recommendations For GLPI versions through 10.0.2, update to a versio...