swDesk - Multiple Vulnerabilities

Title : swDesk Multi Vulnerability Author : Red Security TEAM Date : 01/02/2012 Risk : High Vendor : http://www.swdesk.com/ Tested On : Apache Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : I. Arbitrary File Upload Vulnerability 1. Go to http://server/createticket.p...

4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection

!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...

4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection

4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection !/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54...

vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)

vBSEO 3.6.0 - procdeutf Remote PHP Code Injection Metasploit require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

EPractize Labs Subscription Manager is prone to a remote PHP code- injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other...

EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability

EPractize Labs Subscription Manager is prone to a remote PHP code- injection vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

miniCMS Multiple Remote PHP Code Injection Vulnerabilities

miniCMS is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. miniCMS 1.0 and 2.0 are...

miniCMS Multiple Remote PHP Code Injection Vulnerabilities

miniCMS is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

MiniCMS 1.02.0 - PHP Code Injection

MiniCMS 1.02.0 - PHP Code Injection Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx...

MiniCMS 1.0/2.0 - PHP Code Injection

Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...

[PT-2011-02] PHP code Injection in Kayako Support Suite

----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...

Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.2 snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............:...

Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection

------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...

Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection

Tiki Wiki CMS Groupware 8.2 - snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for...

WikkaWiki Multiple Security Vulnerabilities

WikkaWiki is prone to multiple security vulnerabilities, including: - An SQL injection vulnerability. - An arbitrary file upload vulnerability. - An arbitrary file deletion vulnerability. - An arbitrary file download vulnerability. - A PHP code injection vulnerability. SPDX-FileCopyrightText: 201...

WikkaWiki Multiple Security Vulnerabilities

WikkaWiki is prone to multiple security vulnerabilities, including: 1. An SQL injection vulnerability. 2. An arbitrary file upload vulnerability. 3. An arbitrary file deletion vulnerability. 4. An arbitrary file download vulnerability. 5. A PHP code injection vulnerability. Attackers can exploit...

PmWiki Pagelist 'order' Parameter PHP Code Injection Vulnerability

The host is running PmWiki and is prone to PHP code injection vulnerability. OpenVAS Vulnerability Test $Id: secpodpmwikipagelistorderparamphpcodeinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ PmWiki Pagelist 'order' Parameter PHP Code Injection Vulnerability Authors: Sooraj KS Copyright:...

PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)

$r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if $code 462. uasort$list, 463. createfunction'$x,$y',...

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

Exploit for php platform in category web applications $r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if...

Support Incident Tracker (SiT!) <= 3.65 Multiple Vulnerabilities

Support Incident Tracker SiT! is prone to multiple vulnerabilities. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...