7206 matches found
Small-Cms - hostname Remote PHP Code Injection
source: https://www.securityfocus.com/bid/53703/info Small-Cms is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may...
phpList 2.10.9 - Sajax.php PHP Code Injection
source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may...
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...
WeBid converter.php Remote PHP Code Injection
This module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution. This module requires Metasploit:...
Ajaxmint Gallery 1.0 Local File Inclusion
========================================================= Vulnerable Software: Ajaxmint Gallery version 1.0 @Software AjaxMint Gallery @Author Rajapandian - [email protected] http://ajaxmint.com/ =========================================================...
CVE-2012-2902
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor JCE component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as...
Unrestricted file upload
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor JCE component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as...
CVE-2012-2902
CVE-2012-2902 : Unrestricted file upload in Joomla! Content Editor (JCE) for Joomla! before 2.1. The flaw is in editor/extensions/browser/file.php where, if chunking is enabled (>0), an attacker can upload a PHP file with a double extension (e.g., .jpg.pht) to execute arbitrary code. Affected:...
Active Collab 'chat module' < 2.3.8 - Remote PHP Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Active Collab "chat module" %q This...
WordPress 3.3.1 vulnerability documentation-bug warning-the black bar safety net
Details of vulnerabilities in the popular, recently released WordPress 3.3.1 have now been published...... Quicl’sBlog've been looking at WordPress vulnerability, and through the network to collect the first time for the majority of the WordPress user with WordPress...
PHP 'php-cgi' Information Disclosure Vulnerability
Description: PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected...
mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS
================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...
MySQLDumper 1.24.4 Multiple Vulnerabilities
Exploit for php platform in category web applications ================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM:...
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
source: https://www.securityfocus.com/bid/53282/info SilverStripe is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and...
WebCalendar <= 1.2.4 Multiple Vulnerabilities - Active Check
WebCalendar is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
WebCalendar 1.2.4 - Remote Code Execution
<?php /* ----------------------------------------------------------------------- WebCalendar <= 1.2.4 install/index.php Remote Code Execution Exploit ----------------------------------------------------------------------- author..........: Egidio Romano aka...
OpenCart <= 1.5.2.1 Multiple Vulnerabilities
OpenCart is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opencart:opencart"; if(description)...
FreeBSD : phpmyfaq -- Remote PHP Code Execution Vulnerability (c80a3d93-8632-11e1-a374-14dae9ebcf89)
The phpMyFAQ project reports: The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
KubeLance 1.8.0 Cross Site Request Forgery / Cross Site Scripting
=========================================================== Vulnerable Software: KubeLance: 1.8.0 Official Site: kubelabs.com =========================================================== Vuln Desc: KubeLance: 1.8.0 suffers from multiple CSRF and XSS+HTML injection vulns. Below i'll show to you ONL...
Toenda CMS 1.6.2 Osaka Stable Local File Inclusion
Exploit for php platform in category web applications ============TOENDA CMS 1.6.2 OSAKA "STABLE" MULTIPLE VULNERABILITIES============ Vulnerable Software: toendaCMS1.6.2OsakaStable Developed by: http://www.toendacms.org/index.php/en/open/download.html toenda.com...