950 matches found
Cuppa CMS Remote / Local File Inclusion
Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...
PhpTax 0.8 Code Execution Vulnerability
PhpTax version 0.8 suffers from a file manipulation remote code execution vulnerability. ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / ...
WordPress Plugin W3 Total Cache - PHP Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...
Wordpress W3 Total Cache PHP Code Execution Vulnerability
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...
Wordpress W3 Total Cache PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...
SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/59409/info SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and...
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input...
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code...
PHP Code Injection in FUDforum
High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...
DataLife Engine preview.php PHP Code Injection
Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'DataLife Engine preview.php PHP Code Injection', 'Description' = %q This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure...
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ -...
DataLife Engine 9.7 - 'preview.php' PHP Code Injection
------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affected Version: 9.7 only. - Vulnerability Description: Th...
DataLife Engine 9.7 - preview.php PHP Code Injection
DataLife Engine 9.7 - preview.php PHP Code Injection ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affect...
Elastix < 2.4 PHP Code Injection Vulnerability
Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Eaton MGE Network Shutdown Module Remote PHP Code Injection
A remote code execution vulnerability has been reported in Eaton MGE Network Shutdown Module...
Elastix 2.3 PHP Code Injection Vulnerability
Elastix versions prior to 2.4 php code injection exploit. ? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org...
Elastix 2.3 PHP Code Injection
? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org Author : Faris AKA i-Hmx Mail : [email protected] Home :...
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...
Network Shutdown Module 3.21 Remote PHP Code Injection
This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable...
Network Shutdown Module 3.21 Remote PHP Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...