7205 matches found
CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)
The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor and configurations as expected. An unauthenticated, remote attacker can exploit this, by using the mod_copy module's functionality, in order to copy arbitrary files in the FTP directory...
Alcatel OmniVista remote command execution
Added: 12/31/2019. Background: Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem: Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution: Upgrade to OmniVista 8770 version 4.1.12...
CVE-2013-2011
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009...
Citrix and NetScaler SD-WAN Center Unauthenticated Directory Traversal File Write
The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is susceptible to directory traversal and file writes in arbitrary locations. This is due to improper sanitization of user-supplied input in the applianceSettingsFileTransfer action of ApplianceSettingsController. An unauthenticated, remo...
CVE-2019-19502
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...
Code injection
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...
CVE-2019-11325
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...
CVE-2011-1028
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file...
File upload vulnerability in the backend of shopxo e-commerce system
ShopXO is an open source enterprise-level e-commerce system. The ShopXO backend has a file upload vulnerability that an attacker can exploit to execute arbitrary PHP code...
RFI/LFI Payload List
As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and, most importantly, your code from a file inclusion exploit. I’ll give...
FusionPBX Command (exec.php) Command Execution Exploit
This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This...
FusionPBX Command exec.php Command Execution
This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...
Code injection
SugarCRM CE = 6.3.1 contains scripts that use "unserialize" with user controlled input which allows remote attackers to execute arbitrary PHP code...