7207 matches found
Design/Logic Flaw
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
Design/Logic Flaw
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered ...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
Horde Framework - Unserialize PHP Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde...
CVE-2011-5273
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...
CVE-2011-5273
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...
Directory traversal
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. dot dot in the pkg parameter in a doinstall action to dtc/...
CVE-2011-5273
CVE-2011-5273 : Domain Technologie Control (DTC) before 0.34.1 has a directory traversal flaw in the shared/package-installer component. An authenticated remote user can craft a problematic pkg parameter in a do_install action to dtc/ to trigger arbitrary PHP code execution. Root cause is imprope...
CVE-2013-2089
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data...
CVE-2013-2089
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data...
CVE-2013-2089
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data...
CVE-2013-1850
Multiple incomplete blacklist vulnerabilities in 1 import.php and 2 ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file...
Discuz! X3. 1 Background to arbitrary code execution can take shell-vulnerability warning-the black bar safety net
See someone ask Discuz! X3. 1 Background how get shell, download it a look, before someone says HTML generation can take the shell, I yesterday the official website to download the version found, the static file extensions, limiting the htm/html. If the server does not exist parsing vulnerability...
CVE-2014-2089
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain clientid pathname...
CVE-2014-2088
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an uploadfiles action to the uploadFiles command, and then accessing the .php file via a direct request to a certain clientid pathname...
CVE-2014-2088
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an uploadfiles action to the uploadFiles command, and then accessing the .php file via a direct request to a certain clientid pathname...
Code injection
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain clientid pathname...
Unrestricted file upload
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an uploadfiles action to the uploadFiles command, and then accessing the .php file via a direct request to a certain clientid pathname...
CVE-2014-2089
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain clientid pathname...