Lucene search

7207 matches found

Prion
added 2012/11/16 12:55 a.m., 25 views

Sql injection

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

CVSS 6.8, AI score 8.2, EPSS 0.00629
Exploits 3, References 5, Affected Software 1
Cvelist
added 2012/11/16 12:0 a.m., 17 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

AI score 7.7, EPSS 0.00629
Exploits 3, References 5
Exploit DB
added 2012/11/13 12:0 a.m., 51 views

Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Invision IP.Board %q This module...

CVSS 10, AI score 6.6, EPSS 0.83034
Exploits 15
Packet Storm
added 2012/11/13 12:0 a.m., 61 views

Invision IP.Board 3.3.4 unserialize() PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

CVSS 10, AI score 0.7, EPSS 0.83034
Exploits 15
UbuntuCve
added 2012/11/11 1:0 p.m., 24 views

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

CVSS 6.8, AI score 6.1, EPSS 0.00671
Exploits 0, References 3
Cvelist
added 2012/11/11 11:0 a.m., 23 views

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

AI score 7.2, EPSS 0.00671
Exploits 0, References 5
Metasploit
added 2012/11/10 10:35 a.m., 23 views

Invision IP.Board unserialize() PHP Code Execution

This module exploits a PHP unserialize vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute...

CVSS 10, AI score 8, EPSS 0.83034
Exploits 15
Packet Storm
added 2012/11/08 12:0 a.m., 55 views

Invision Power Board 3.3.4 Unserialize REGEX Bypass

?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...

CVSS 10, AI score 0.6, EPSS 0.83034
Exploits 15
exploitpack
added 2012/11/07 12:0 a.m., 30 views

Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass

Invision Power Board IP.Board 3.3.4 - Unserialize Regex Bypass ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring...

CVSS 10, AI score 0.6, EPSS 0.83034
Exploits 15
securityvulns
added 2012/11/06 12:0 a.m., 132 views

[CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

EPSS 0.00629
Exploits 3
seebug.org
added 2012/11/04 12:0 a.m., 35 views

Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution

No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...

CVSS 10, AI score 6.4, EPSS 0.83034
Exploits 15
securityvulns
added 2012/11/02 12:0 a.m., 62 views

[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability

------------------------------------------------------------------------------ Invision Power Board = 3.3.4 "unserialize" PHP Code Execution Vulnerability ------------------------------------------------------------------------------ author..............: Egidio Romano aka EgiX...

CVSS 10, AI score 0.4, EPSS 0.83034
Exploits 15
OpenVAS
added 2012/11/01 12:0 a.m., 22 views

Invision Power Board 'unserialize()' PHP Code Execution - Active Check

Invision Power Board is prone to a PHP Code Execution vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS 10, AI score 6.5, EPSS 0.83034
Exploits 15, References 2
0day.today
added 2012/10/31 12:0 a.m., 73 views

jNews com_jnews 7.0.0 => 7.7.5 execute arbitrary PHP code

The vulnerability affects all variations of jNews, including the premium ones this is where the 7.7.5 comes in, not just the free version. The dork "inurl:comjnews" currently produces "About 37,100 results". The exploit will create a file on the targeted website and enable you to execute arbitrar...

AI score 7.8
Exploits 0
Tenable Nessus
added 2012/10/31 12:0 a.m., 10 views

FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)

Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

AI score 5.7
Exploits 0, References 2
Tenable Nessus
added 2012/10/29 12:0 a.m., 17 views

Fedora 17 : drupal7-7.16-1.fc17 (2012-16442)

Fixes SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure - http://drupal.org/node/1815904 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

AI score 5.6
Exploits 0, References 2
Tenable Nessus
added 2012/10/24 12:0 a.m., 57 views

Drupal 7.x < 7.16 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities : - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...

CVSS 6.8, AI score 6.6, EPSS 0.55084
Exploits 4, References 3
seebug.org
added 2012/10/23 12:0 a.m., 32 views

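Drupal 7.x arbitrary PHP code execution and information disclosure vulnerabilities

BUGTRAQ ID: 56103 Drupal is an open-source content management platform. Drupal 7.16 and earlier versions contain security vulnerabilities that attackers can exploit to execute arbitrary PHP code in the context of the web server and obtain sensitive information. 0 Drupal 7.x Vendor patch: Drupal ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://drupal.org/node/...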

AI score 6.9
Exploits 0
Packet Storm
added 2012/10/18 12:0 a.m., 21 views

BSW Gallery Shell Upload

Undergroundthalo Hacking Team - Security Advisory...

Exploits 0
Drupal
added 2012/10/17 12:0 a.m., 664 views

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...

CVSS 6.8, AI score 7, EPSS 0.55084
Exploits 4, References 18