Lucene search

7207 matches found

Exploit DB
added 2013/05/31 12:00 a.m., 20 views

PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution

CWH Underground Hacking Team. Exploit Title : PhpTax File Manipulation(newvalue,field) Remote Code...

7 AI score
Exploits 0
seebug.org
added 2013/05/30 12:00 a.m., 29 views

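Ecshop admin backend getshell-2

Brief description: Not a template, not SQL!!!!!!! Details: The admin backend allows language entries to be edited, and some of the language entries are in double quotes, so PHP code can be executed directly using the $phpinfo format, getshell!! (phpinfo is used here for ease of demonstration; in a real case it could be replaced with a one-line webshell.) The language file has double quotes. The backend can edit the language file and insert specially formatted PHP code. The text edited here is the "gzip is disabled" string, so nearly every page contains the PHP code, including the home page. Proof of vulnerability:...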

7.1 AI score
Exploits 0
Prion
added 2013/05/23 3:55 p.m., 16 views

Session fixation

functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_message, which is not properly handled when executing the preg_replace function with the eval switch...

6.5 CVSS, 7.7 AI score, 0.6269 EPSS
Exploits 2, References 6, Affected Software 1
0day.today
added 2013/05/18 12:00 a.m., 31 views

ZPanel Crafted Template Remote Command Execution Vulnerability

Exploit for php platform in category web applications. There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater"...

7.1 AI score
Exploits 0
OwnCloud
added 2013/05/14 6:12 p.m., 57 views

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

4.6 CVSS, 6.9 AI score, 0.00391 EPSS
Exploits 0, Affected Software 1
OwnCloud
added 2013/05/14 11:42 a.m., 51 views

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

4.6 CVSS, 6.8 AI score, 0.00391 EPSS
Exploits 0, Affected Software 1
htbridge
added 2013/05/08 12:00 a.m., 49 views

Multiple Vulnerabilities in OpenX

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system. 1) Local File Inclusion in OpenX: CVE-2013-3514 Input passed via "group" HTTP GET...

7.6 CVSS, 0.6 AI score, 0.13319 EPSS
Exploits 6, Affected Software 1
securityvulns
added 2013/05/06 12:00 a.m., 212 views

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey

SEC Consult Vulnerability Lab Security Advisory 20130417-0. title: Multiple vulnerabilities in Sosci Survey; product: Sosci Survey; vulnerable version: 2.3.04a; fixed version: 2.3.04a; impact: Critical; homepage:...

0.2 AI score
Exploits 0
Tenable Nessus
added 2013/05/03 12:00 a.m., 75 views

WP Super Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution

The WP Super Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...

8.8 CVSS, 8.8 AI score, 0.2601 EPSS
Exploits 2, References 5
Patchstack
added 2013/05/01 12:00 a.m., 10 views

WordPress W3 Total Cache plugin <= 0.9.2.8 - PHP Code Execution vulnerability

W3 Total Cache plugin is prone to a PHP code execution vulnerability because of the handling of certain macros such as "mfunc" that allows arbitrary PHP code injection. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 0.9.2.9)...

4.6 AI score
Exploits 0, References 2, Affected Software 1
Exploit DB
added 2013/05/01 12:00 a.m., 46 views

WordPress Plugin W3 Total Cache - PHP Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...

7.4 AI score
Exploits 0
0day.today
added 2013/04/30 12:00 a.m., 19 views

Wordpress W3 Total Cache PHP Code Execution Vulnerability

This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...

8.1 AI score
Exploits 0
Packet Storm
added 2013/04/29 12:00 a.m., 27 views

Wordpress W3 Total Cache PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...

7.4 AI score
Exploits 0
Fedora
added 2013/04/23 3:46 a.m., 10 views

[SECURITY] Fedora 19 Update: php-twig-Twig-1.12.3-1.fc19

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

3 AI score
Exploits 0
Exploit DB
added 2013/04/23 12:00 a.m., 28 views

SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/59409/info SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and...

7.4 AI score
Exploits 0
exploitpack
added 2013/04/23 12:00 a.m., 22 views

SMF - index.php HTML Injection Multiple PHP Code Injection Vulnerabilities

SMF - index.php HTML Injection Multiple PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/59409/info SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on ...

0.5 AI score
Exploits 0
seebug.org
added 2013/04/23 12:00 a.m., 60 views

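IIS 7.5 Parsing Error Command Execution Vulnerability

IIS is a basic Internet service provided by Microsoft that runs on Microsoft Windows. In versions 7.0 and 7.5, when a URI of the form xxx.jpg/xxx.php is requested, IIS handles it inconsistently with the back-end FastCGI. As a result, an attacker can embed PHP code in an image and then request the image in the form xxx.jpg/xxx.php, and IIS will execute the PHP code in the image, resulting in a command execution vulnerability. IIS 7.0, 7.5...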

7.1 AI score
Exploits 0
Prion
added 2013/04/18 6:55 p.m., 17 views

Code injection

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...

6.8 CVSS, 8 AI score, 0.00509 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2013/04/18 6:00 p.m., 58 views

CVE-2013-0132

The CVE-2013-0132 entry documents a vulnerability in Parallels Plesk Panel 11.0.9 where the suexec implementation uses a cgi-wrapper whitelist entry that, because suexec does not sanitize environment variables, allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted req...

6.8 CVSS, 7.8 AI score, 0.00509 EPSS
Exploits 0, References 1, Affected Software 1
Exploit DB
added 2013/04/17 12:00 a.m., 21 views

Sosci Survey - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to the following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP code-execution vulnerability Successful...

7.4 AI score
Exploits 0