Sosci Survey - Multiple Vulnerabilities

Sosci Survey - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP...

Sosci Survey 2.x Bypass / XSS / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage: https://www.soscisurvey.de...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik 1.2.1 - Multiple Vulnerabilities !/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter,...

CMSLogik 1.2.1 Shell Upload

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...

CMSLogik 1.2.1 - Multiple Vulnerabilities

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

EasyPHP Webserver Multiple Vulnerabilities

This host is running EasyPHP Webserver and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbeasyphpwebservermultvuln.nasl 6115 2017-05-12 09:03:25Z teissa $ EasyPHP Webserver Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright C 2013 Greenbone Networks GmbH,...

EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection

source: https://www.securityfocus.com/bid/58945/info EasyPHP is prone to an authentication bypass and a PHP code execution vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected application and perform arbitrary actions or execute arbitrary PHP code within t...

EasyPHP - index.php Authentication Bypass Remote PHP Code Injection

EasyPHP - index.php Authentication Bypass Remote PHP Code Injection source: https://www.securityfocus.com/bid/58945/info EasyPHP is prone to an authentication bypass and a PHP code execution vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected application...

EasyPHP WebServer v.(all) <= Multiple Vulnerabilities

EasyPHP is Suffer from : + Auth Bypass + Remote Shell Injection / Remote Code Execute The Bug in EasyPHP WebServer Manager found because the PORTAL of Administration doesn't protected ! so just when you found the Admin-Portal - you can bypass the auth directly and remote attacker can get some...

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input...

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code...

STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote PHP Code...

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. Affect...

Server: Incomplete blacklist vulnerability

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. For mo...

[Weevely] PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

PHP Code Injection in FUDforum

High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...

Multiple code executions - ownCloud

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

Server: Multiple code executions

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...