7206 matches found
Nova CMS - optimizerindex.php?fileType Remote File Inclusion
Nova CMS - optimizerindex.php?fileType Remote File Inclusion source: https://www.securityfocus.com/bid/51976/info Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remot...
Nova CMS - administratormodulesmoduleslist.php?id Remote File Inclusion
Nova CMS - administratormodulesmoduleslist.php?id Remote File Inclusion source: https://www.securityfocus.com/bid/51976/info Nova CMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may...
Directory traversal
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request ...
WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability
WordPress is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"...
swDesk Shell Upload / Code Injection / XSS
Title : swDesk Multi Vulnerability Author : Red Security TEAM Date : 01/02/2012 Risk : High Vendor : http://www.swdesk.com/ Demo : http://www.swdesk.com/demo/swdesk/ Tested On : Apache Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : I. Arbitrary File Upload...
WordPress 'setup-config.php' Multiple Vulnerabilities
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
swDesk Multi Vulnerability
Exploit for php platform in category web applications Title : swDesk Multi Vulnerability Author : Red Security TEAM Date : 01/02/2012 Risk : High Vendor : http://www.swdesk.com/ Tested On : Apache Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : I. Arbitrary File Uplo...
swDesk - Multiple Vulnerabilities
Title : swDesk Multi Vulnerability Author : Red Security TEAM Date : 01/02/2012 Risk : High Vendor : http://www.swdesk.com/ Tested On : Apache Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : I. Arbitrary File Upload Vulnerability 1. Go to http://server/createticket.p...
4images 1.7.6 > 9 Csrf inject php code
Exploit for php platform in category web applications #!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xS...
HostBill App 2.3 - Remote Code Injection
HostBill App 2.3 - Remote Code Injection =-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM:...
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
#!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...
4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection
4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection #!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54...
Code injection
Static code injection vulnerability in translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable...
CVE-2011-4337
Static code injection vulnerability in translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable...
CVE-2011-3832
Eval injection vulnerability in config.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the applicationname parameter in a save action...
CVE-2011-3833
Unrestricted file upload vulnerability in ftpuploadfile.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory...
Unrestricted file upload
Unrestricted file upload vulnerability in ftpuploadfile.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory...
vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)
vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit) require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'proc_deutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...
EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability
EPractize Labs Subscription Manager is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other...
EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability
EPractize Labs Subscription Manager is prone to a remote PHP code-injection vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...