7207 matches found
WordPress Woopra Remote Code Execution
WordPress Woopra plugin remote PHP arbitrary code execution exploit. Exploit Title: woopra plugins execute arbitrary PHP code Exploit Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/ Date: 06-10-2013 Exploit Author: wantexz Vendor...
WordPress SEO Watcher Remote Code Execution Vulnerability
WordPress SEO Watcher plugin remote code execution exploit. Exploit Title: seo-watcher plugins execute arbitrary PHP code Exploit Google Dork: inurl:/wp-content/plugins/seo-watcher/ inurl:wp-content/plugins/seo-watcher/ Date: 03-10-2013 Exploit Author: wantexz Vendor Homepage:http://wordpress.org...
Empire cms 7.0 background to get shell-vulnerability warning-the black bar safety net
Empire CMS7. 0 background can upload the mod suffix PHP file and execute inside php code. Into the backgroundit! Method a: system data tables with the system model-management data table and then randomly selected one data table, open the corresponding data table of the“management system model”as...
WordPress Plugin SEO Watcher - ofc_upload_image.php Arbitrary PHP Code Execution
WordPress Plugin SEO Watcher - ofcuploadimage.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/62825/info The SEO Watcher plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code with...
ClipBucket Remote Code Execution Vulnerability
ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload. . \ /| | \ \ \ \ | | | | / \ / \ /\ / \ / / / / / \ /\ / \ / / / | | | Y \ / \ | | \ /\ \ \ | | /\ /\ / || || /\ \ /|| / /// \ /|| \ // / / / / / / http://thecrowscrew.org Exploit...
WordPress SEO Watcher Plugin - Arbitrary PHP Code Execution
SEO Watcher plugin's "ofcuploadimage.php" is prone to an arbitrary PHP code execution vulnerability. It allows an attacker to execute arbitrary PHP code within the context of the web server. Solution Upgrade the plugin...
GLPI 0.84.1 Access Control / Code Injection
Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...
GLPI 0.84.1 - Multiple Vulnerabilities
Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...
GLPI 0.84.1 - Multiple Vulnerabilities
GLPI 0.84.1 - Multiple Vulnerabilities Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12,...
CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...
CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...
MySQL: Обход фильтрации символов в имени колонок
Прим.: Вариант, который потерялся, и о котором никто не напомнил: https://rdot.org/forum/showpost.php?...2&postcount=10 Материал ниже все равно может быть полезен при изучении специфических SQL-запросов в MySQL и при некоторых типах WAF. ------------ Недавно, изучая одну уязвимость возникла...
Remote Code Execution in Microweber
High-Tech Bridge Security Research Lab discovered vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise vulnerable system as a consequence. 1 Improper Access Control in Microweber: CVE-2013-5984 Vulnerability exists due to improper access restriction to...
Cross site request forgery (csrf)
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery CSRF attacks, and 1 perform a SQL injection via an Etape4 action or 2 execute arbitrary PHP...
CVE-2013-5696
GLPI before 0.84.2 is affected by CVE-2013-5696 due to inc/central.class.php not disabling install.php after installation, enabling CSRF and, via Etape_4 and update_1 actions, potential SQL injection and arbitrary PHP code execution. The CVE is documented with root cause as improper access contro...
Security fix for the ALT Linux 9 package glpi version 0.84.2-alt1
Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...
Security fix for the ALT Linux 10 package glpi version 0.84.2-alt1
Sept. 20, 2013 Pavel Zilke 0.84.2-alt1 - Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF...
WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Astium Remote Code Execution
This module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to...
Remote Code Execution in GLPI
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GLPI, which can be exploited to bypass security restrictions and execute arbitrary PHP code with privileges of web server. 1 Improper Access Control in GLPI The vulnerability exists due to insufficient access restrictio...