Lucene search

7207 matches found

Cvelist
added 2012/12/18 1:0 a.m., 23 views

CVE-2012-5609

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...

AI score: 7.1 | EPSS: 0.01029
Exploits: 0 | References: 6

CVE
added 2012/12/18 1:0 a.m., 60 views

CVE-2012-5610

The CVE-2012-5610 entry describes an Incomplete blacklist vulnerability in ownCloud’s lib/filesystem.php, exploitable by remote authenticated users via uploading a file with a specially crafted name. Affected are ownCloud core versions before 4.0.9 and 4.5.x before 4.5.2. The underlying cause is ...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.01088
Exploits: 0 | References: 8 | Affected Software: 2

CVE
added 2012/12/18 1:0 a.m., 50 views

CVE-2012-5609

The CVE-2012-5609 issue affects ownCloud prior to 4.5.2, with the vulnerability in lib/migrate.php allowing remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file inside a ZIP. Root cause: incomplete blacklist handling in the upload path. Impact per sources...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01029
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2012/12/03 9:55 p.m., 19 views

CVE-2012-6065

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...

CVSS: 4.6 | AI score: 7.1 | EPSS: 0.00442
Exploits: 0 | References: 3

NVD
added 2012/12/03 9:55 p.m., 15 views

CVE-2012-5537

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...

CVSS: 6 | AI score: 6.6 | EPSS: 0.00513
Exploits: 0 | References: 3

Prion
added 2012/12/03 9:55 p.m., 11 views

Code injection

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...

CVSS: 6 | AI score: 7.2 | EPSS: 0.00513
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2012/12/03 9:0 p.m., 22 views

CVE-2012-6065

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...

AI score: 7.1 | EPSS: 0.00442
Exploits: 0 | References: 3

Cvelist
added 2012/12/03 9:0 p.m., 22 views

CVE-2012-5537

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...

AI score: 6.6 | EPSS: 0.00513
Exploits: 0 | References: 3

myhack58
added 2012/12/03 12:0 a.m., 17 views

Finecms1. 7 3 The code of audit summary of the defect packaged and fixed-vulnerability warning-the black bar safety net

FineCMS is a content management system developed with PHP+MySQL, using the MVC design pattern to separate business logic from the presentation layer, so that web designers can easily design the ideal template, plug-in development features...

AI score: 8.4
Exploits: 0

Prion
added 2012/11/30 10:55 p.m., 6 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the...

CVSS: 5.1 | AI score: 8.1 | EPSS: 0.00686
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2012/11/30 10:0 p.m., 22 views

CVE-2012-4472

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the...

AI score: 7.7 | EPSS: 0.00686
Exploits: 1 | References: 5

CVE
added 2012/11/30 10:0 p.m., 40 views

CVE-2012-4472

The CVE-2012-4472 issue affects the Drupal Drag & Drop Gallery module (6.x-1.5 and earlier). The vulnerability resides in upload.php, where unrestricted file uploads allow an attacker to upload a PHP-executable file (with an executable extension followed by a safe extension) and then access it vi...

CVSS: 5.1 | AI score: 7.9 | EPSS: 0.00686
Exploits: 1 | References: 5 | Affected Software: 1

0day.today
added 2012/11/29 12:0 a.m., 17 views

Network Shutdown Module 3.21 Remote PHP Code Injection

This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside an eval call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable...

AI score: 6.8
Exploits: 0

Packet Storm
added 2012/11/29 12:0 a.m., 20 views

Network Shutdown Module 3.21 Remote PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

AI score: 0.1
Exploits: 0

Metasploit
added 2012/11/28 9:56 p.m., 26 views

Network Shutdown Module sort_values Credential Dumper

This module will extract user credentials from Network Shutdown Module versions 3.21 and earlier by exploiting a vulnerability found in lib/dbtools.inc, which uses unsanitized user input inside an eval call. Please note that in order to extract credentials, the vulnerable service must have at leas...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2012/11/28 12:0 a.m., 13 views

Piwik core/Loader.php Trojaned Distribution

The version of Piwik installed on the remote web server contains a trojaned backdoor, and allows the execution of arbitrary PHP code subject to the privileges under which the web server operates. It is likely to have been installed from a copy of the file 'latest.zip' downloaded from the project'...

AI score: 6.5
Exploits: 0 | References: 2

NVD
added 2012/11/27 4:49 a.m., 10 views

CVE-2012-6046

Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter...

CVSS: 10 | AI score: 7.2 | EPSS: 0.15687
Exploits: 1 | References: 3

Prion
added 2012/11/27 4:49 a.m., 12 views

Code injection

Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter...

CVSS: 10 | AI score: 7.8 | EPSS: 0.15687
Exploits: 1 | References: 3

Exploit DB
added 2012/11/26 12:0 a.m., 18 views

BuyClassifiedScript - PHP Code Injection

Exploit Title: buyclassifiedscript PHP code injection vulnerability; Date: 25.11.201; Exploit Author: d3b4g; Vendor Homepage: http://buyclassifiedscript.com/; Tested on: Windows 7; Blog: d3b4g.me. This vulnerability allow...

AI score: 7.4
Exploits: 0

NVD
added 2012/11/16 12:55 a.m., 14 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.00629
Exploits: 3 | References: 5