CVE-2014-3453
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...
Design/Logic Flaw
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import...
CVE-2014-1613
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Default credentials
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Design/Logic Flaw
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function...
CVE-2013-7034
The setCookieValue function in lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie...
CVE-2014-2846
WD Arkeia Virtual Appliance AVA firmware
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
Document Title: AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1258. Release Date: 2014-04-22. Vulnerability Laboratory ID (VL-ID): ...
CVE-2014-0342
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors...
Unrestricted file upload
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors...
CVE-2014-0342
PivotX is affected by CVE-2014-0342 due to unrestricted file upload in fileupload.php. The issue occurs in PivotX before 2.3.9, where a file with a .php or .php# extension can be uploaded and then accessed via unspecified vectors, enabling remote execution of PHP code by an authenticated user. Th...
pivotx -- Multiple unrestricted file upload vulnerabilities
Pivotx reports: Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors...
ECMall site-building template: search box SQL injection - vulnerability warning - the black bar safety net
http://www.tuutao.com/index.php (soil Amoy network) is built with an ECMall site-building template, and this template should be affected wherever it is used. There is an injection in the search box; the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=4 5&keyword=aaa&minprice=1 0...
DEBIAN-CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form...
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form...
Design/Logic Flaw
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...