7205 matches found
Remote code execution
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
CVE-2013-4211
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
Unrestricted file upload
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
Improper Input Validation in Symfony
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...
CVE-2013-4225
The RESTful Web Services (RESTWS) module for Drupal is vulnerable in versions 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 due to insufficient restriction of access to entity write operations. This allows remote authenticated users with permissions such as "access resource node" and "create ...
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...
WordPress InfiniteWP Client Authentication Bypass Exploit
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...
CVE-2014-5091
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code...
Code injection
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code...
CVE-2014-5091
Status2K 2.5 Server Monitoring Software is affected by CVE-2014-5091 via the multies parameter to includes/functions.php, which could allow an attacker to execute arbitrary PHP code. Affected component: the server monitoring software’s PHP code path, specifically includes/functions.php, with the ...
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
Remote code execution
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
Code injection
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
CVE-2013-3629
CVE-2013-3629 affects ISPConfig 3.0.5.2. The Red Hat/NVD/CVE records and related sources describe an Arbitrary PHP Code Execution vulnerability. The root cause is a flaw in ISPConfig’s content/language handling that allows an authenticated user to cause arbitrary PHP code execution on the server ...
CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
CVE-2013-3591
Summary of CVE-2013-3591: The vulnerability affects vTiger CRM versions 5.3 and 5.4, where the attacker can abuse the vulnerable vTiger “files” upload folder to upload a PHP script and achieve arbitrary PHP code execution. Multiple connected sources document an authenticated remote-code-executio...