7206 matches found
Multiple Bugs Haunt WordPress Setup
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...
WordPress <= 3.3.1 - Multiple Vulnerabilities
WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...
WordPress <= 3.3.1 Multiple Vulnerabilities
Exploit for php platform in category web applications Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product description:...
WordPress Core 3.3.1 - Multiple Vulnerabilities
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...
miniCMS Multiple Remote PHP Code Injection Vulnerabilities
miniCMS is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. miniCMS 1.0 and 2.0 are...
miniCMS Multiple Remote PHP Code Injection Vulnerabilities
miniCMS is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
miniCMS 1.0 / 2.0 Code Execution
Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...
MiniCMS 1.02.0 - PHP Code Injection
MiniCMS 1.02.0 - PHP Code Injection Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx...
MiniCMS 1.0/2.0 - PHP Code Injection
Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...
[PT-2011-02] PHP code Injection in Kayako Support Suite
----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
?php / --------------------------------------------------------------------- appRain CMF = 0.1.5 uploadify.php Unrestricted File Upload Exploit --------------------------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotco...
Multiple vulnerabilities in ZENphoto
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, sql injection and cross site scripting attacks. 1 Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993 Input passed via...
Kayako Support Suite 3.70.02 PHP Code Execution
----------------------------------------------------------------- PT-2011-02 Positive Technologies Security Advisory PHP code Injection in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable an...
ImpressPages CMS 1.0.12 Code Execution
======= Summary ======= Name: Remote code execution in ImpressPages CMS Release Date: 5 January 2012 Reference: NGS00109 Discoverer: David Middlehurst Vendor: ImpressPages Vendor Reference: Systems Affected: ImpressPages CMS 1.0.12 Risk: High Status: Published ======== TimeLine ======== Discovere...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. Impact Remote attackers might be able to insert and...
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.2 snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............:...
JVN#40498018: WordPress vulnerable to arbitrary PHP code execution
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...
Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1®exres=phpinfo®ex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange reason this doesn't happen within admin sessions. So,...
Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection
Tiki Wiki CMS Groupware 8.2 - snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1®exres=phpinfo®ex=//e%00/ Tiki internal filters remove all null bytes from user input, but for...
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Injection
Exploit for php platform in category web applications ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1®exres=phpinfo®ex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange...