CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

7207 matches found

exploitpack•added 2013/06/11 12:0 a.m.•16 views

mkCMS - index.php Arbitrary PHP Code Execution

mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...

Packet Storm•added 2013/06/11 12:0 a.m.•28 views

mkCMS 3.6 PHP Code Injection

Exploit Title : mkCMS PHP Code Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://mkcms.milankragujevic.com/ Software Link : http://jaist.dl.sourceforge.net/project/milan-cms/Releases/mkCMS-v3.6.zip Version : 3.6 Tested on : Window and...

seebug.org•added 2013/06/11 12:0 a.m.•10 views

espcms后台getshell-3，并可利用csrf交互强制管理员getshell

简要描述：详细说明：后台修改模板处未过滤，可在模板中插入php代码（此处方便演示，使用了phpinfo 本来，一个后台getshell的危害应该属于较低的，因为需要管理员权限。但是，espcms后台操作无token，通过csrf的交互，就可以强迫管理员干很多事。修改模板为shell的包如下：无token，所以可以通过一个自动提交表单给管理员点击，然后就会自动getshell了。（此处主要是后台getshell，csrf就不再说了，详细的POC可以查看我以前提交的一些漏洞）漏洞证明：...

Packet Storm•added 2013/06/10 12:0 a.m.•16 views

MaxForum 2.0.0 Code Injection / LFI / Disclosure

Exploit Title : MaxForum 2.0.0 Multiple Vulnerabilities Date : 9 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://sourceforge.net/projects/maxforum/ Software Link : jaist.dl.sourceforge.net/project/maxforum/2.0.0/Maxv2.0.0.zip Version : 2.0.0 Tested on :...

Packet Storm•added 2013/06/10 12:0 a.m.•25 views

Lokboard 1.1 PHP Code Injection

Exploit Title : Lokboard PHP Code Injection Date : 9 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://lokboard.net/ Software Link : lokboard.net/downloads/lokboard110.zip Version : 1.1 Tested on : Window and Linux ,--^----------,--------,-----,-------^--, ...

exploitpack•added 2013/06/09 12:0 a.m.•15 views

Max Forum - Multiple Vulnerabilities

Max Forum - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/60455/info Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly...

Exploit DB•added 2013/06/09 12:0 a.m.•19 views

Max Forum - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/60455/info Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly sanitize user-supplied input. An attacke...

0day.today•added 2013/06/07 12:0 a.m.•21 views

Napata CMS 1.5.2013 PHP Code Injection Vulnerability

Napata CMS version 1.5.2013 suffers from a remote command execution vulnerability. Exploit Title : Napata CMS PHP Code Injection Date : 5 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://napata-cms.blogspot.com/ Software Link :...

Tenable Nessus•added 2013/06/07 12:0 a.m.•1932 views

Plesk Panel Apache Arbitrary PHP Code Injection

The remote host contains an Apache web server installation that is included with Parallels Plesk Panel and that is affected by a remote PHP code injection vulnerability. Due to an Apache configuration issue, a remote, unauthenticated attacker can exploit this issue by crafting a request allowing...

9.8CVSS9.2AI score0.94363EPSS

Exploits41References4

seebug.org•added 2013/06/06 12:0 a.m.•12 views

Parallels Plesk Remote Exploit(PHP Code Execution and therefore Command Execution)

No description provided by source. Parallels Plesk Remote Exploit -- PHP Code Execution and therefore Command Execution Affected and tested: Plesk 9.5.4 Plesk 9.3 Plesk 9.2 Plesk 9.0 Plesk 8.6 Discovered & Exploited by Kingcope / June 2013 Affected and tested OS: RedHat, CentOS, Fedora Affected a...

Check Point Advisories•added 2013/06/06 12:0 a.m.•5 views

DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)

A PHP code injection vulnerability has been reported in DataLife Engine 9.7...

7.1AI score0.851EPSS

Check Point Advisories•added 2013/06/06 12:0 a.m.•7 views

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

9CVSS7.4AI score0.46318EPSS

0day.today•added 2013/06/05 12:0 a.m.•1101 views

Cuppa CMS Remote / Local File Inclusion Vulnerability

Cuppa CMS suffers from remote and local file inclusion vulnerabilities. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link :...

exploitpack•added 2013/06/05 12:0 a.m.•20 views

Cuppa CMS - alertConfigField.php LocalRemote File Inclusion

Cuppa CMS - alertConfigField.php LocalRemote File Inclusion Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...

Exploit DB•added 2013/06/05 12:0 a.m.•78 views

Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion

Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...

0day.today•added 2013/06/05 12:0 a.m.•31 views

CMS Gratis Indonesia PHP Code Injection Vulnerability

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability. Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link :...

Packet Storm•added 2013/06/04 12:0 a.m.•29 views

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

exploitpack•added 2013/06/04 12:0 a.m.•20 views

CMS Gratis Indonesia - config.php PHP Code Injection

CMS Gratis Indonesia - config.php PHP Code Injection source: https://www.securityfocus.com/bid/60337/info CMS Gratis Indonesia is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected...

Packet Storm•added 2013/06/04 12:0 a.m.•67 views

Cuppa CMS Remote / Local File Inclusion

Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on : Window and Linux...

0day.today•added 2013/06/03 12:0 a.m.•38 views

PhpTax 0.8 Code Execution Vulnerability

PhpTax version 0.8 suffers from a file manipulation remote code execution vulnerability. ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / ...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by