7207 matches found

exploitpack
added 2013/11/30 12:00 a.m., 17 views

MyBB 1.6.11 - Remote Code Execution

input'info' as $key = $info $info = strreplace"\", "\\", $info; $info = strreplace'$', '$', $info; $newlanginfo$key = strreplace""", '"', $info; and Line 69: $langinfo'admin' = $newlanginfo'admin'; You can see that some chars are being replaced, however...

Exploits: 0
0day.today
added 2013/11/29 12:00 a.m., 26 views

Elastix VoIP system 2.x, PHP code injection / Data dump Exploit

Elastix is a famous Asterisk VoIP system interface distribution. It's vulnerable to a PHP code injection vulnerability, which can be used to dump all data, including: SIP extension data; plain-text admin password; moderators' passwords; all trunks data; shell upload. Usage info: just add the IP list to "list.txt"...

AI score: 7.6
Exploits: 0
OpenVAS
added 2013/11/26 12:00 a.m., 54 views

AjaXplorer Zoho plugin < 5.0.4 Directory Traversal Vulnerability

The Zoho plugin of AjaXplorer is prone to a directory traversal and a file upload vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVSS: 8.5 | AI score: 6.3 | EPSS: 0.19409
Exploits: 7 | References: 5
Tenable Nessus
added 2013/11/25 12:00 a.m., 23 views

Fedora 20 : drupal6-context-3.3-1.fc20 (2013-21303)

CVE-2013-4445/CVE-2013-4446: Context, a Drupal module which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.01087
Exploits: 0 | References: 3
Tenable Nessus
added 2013/11/25 12:00 a.m., 18 views

Fedora 18 : drupal6-context-3.3-1.fc18 (2013-21298)

CVE-2013-4445/CVE-2013-4446: Context, a Drupal module which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.01087
Exploits: 0 | References: 3
Tenable Nessus
added 2013/11/25 12:00 a.m., 15 views

Fedora 19 : drupal6-context-3.3-1.fc19 (2013-21231)

CVE-2013-4445/CVE-2013-4446: Context, a Drupal module which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. The first issue is that the module allows execution of PHP code via manipulation of a URL argument in...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.01087
Exploits: 0 | References: 3
0day.today
added 2013/11/17 12:00 a.m., 22 views

WordPress Amplus Cross Site Request Forgery Vulnerability

WordPress Amplus theme suffers from a cross site request forgery vulnerability. Title : Wordpress Amplus Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...

AI score: 7
Exploits: 0
Check Point Advisories
added 2013/11/03 12:00 a.m., 3 views

OpenX Ad Server Backdoor PHP Code Execution (CVE-2013-4211)

A Code Execution vulnerability has been reported in OpenX Ad Server. The vulnerability is due to the existence of a backdoor within the flowplayer-3.1.1.min.js library. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.8819
Exploits: 5
NVD
added 2013/11/02 7:55 p.m., 24 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

CVSS: 6 | AI score: 7.1 | EPSS: 0.49365
Exploits: 5 | References: 2
Prion
added 2013/11/02 7:55 p.m., 13 views

Design/Logic Flaw

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

CVSS: 6 | AI score: 7.7 | EPSS: 0.49365
Exploits: 5 | References: 2 | Affected Software: 1
Cvelist
added 2013/11/02 7:00 p.m., 30 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

AI score: 7.1 | EPSS: 0.49365
Exploits: 5 | References: 2
Exploit DB
added 2013/11/01 12:00 a.m., 34 views

ImpressPages CMS 3.6 - 'manage()' Remote Code Execution

!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop...

AI score: 7.4
Exploits: 0
0day.today
added 2013/11/01 12:00 a.m., 23 views

Joomla Joomleague component Shell Upload Vulnerability

Joomla Joomleague component suffers from a remote shell upload vulnerability due to having Open Flash Chart included. Exploit Title: joomla comjoomleague execute arbitrary PHP code Exploit Google Dork: inurl:comjoomleague Date: 01-11-2013 Exploit Author: wantexz Vendor...

AI score: 7.1
Exploits: 0
Exploit DB
added 2013/10/31 12:00 a.m., 35 views

NAS4Free - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

CVSS: 6 | AI score: 7 | EPSS: 0.49365
Exploits: 5
Packet Storm
added 2013/10/31 12:00 a.m., 31 views

Joomla Joomleague Shell Upload

Exploit Title: joomla comjoomleague execute arbitrary PHP code Exploit Google Dork: inurl:comjoomleague Date: 01-11-2013 Exploit Author: wantexz Vendor Homepage:http://www.joomleague.net/ Software Link:...

AI score: 7.4
Exploits: 0
Metasploit
added 2013/10/30 3:25 p.m., 31 views

NAS4Free Arbitrary Remote Code Execution

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...

CVSS: 6 | AI score: 0.4 | EPSS: 0.49365
Exploits: 5
Packet Storm
added 2013/10/30 12:00 a.m., 34 views

vTiger CRM 5.3.0 / 5.4.0 Authenticated Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution', 'Description' = %q vTiger CRM allows an authenticated user to upload...

AI score: 0.5 | EPSS: 0.79371
Exploits: 6
Packet Storm
added 2013/10/30 12:00 a.m., 32 views

NAS4Free Arbitrary Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

CVSS: 6 | AI score: 0.4 | EPSS: 0.49365
Exploits: 5
Check Point Advisories
added 2013/10/28 12:00 a.m., 4 views

Log1 CMS writeInfo() PHP Code Injection (CVE-2011-4825)

A PHP code injection vulnerability has been reported in the "Ajax File and Image Manager" component in log1 CMS. A remote attacker could inject arbitrary PHP code into data.php via crafted parameters...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.83036
Exploits: 7
Drupal
added 2013/10/16 3:39 p.m., 4 views

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

Context allows you to manage contextual conditions and reactions for different portions of your site. This advisory covers two separate issues. Arbitrary PHP Code Execution: The first, and more severe issue (Highly Critical status), is that the module allows execution of PHP code via manipulation of ...

AI score: 6
Exploits: 0 | References: 12