2595 matches found
UBUNTU-CVE-2017-6817
In WordPress before 4.7.3 wp-includes/embed.php, there is authenticated Cross-Site Scripting XSS in YouTube URL Embeds...
WordPress File Manager 3.0.1 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue can be use...
Takas Classified 1.1 - SQL injection vulnerability
The subcatid, catid, locid, areaid, type, and post parameters in the controllers/Classifiedads.php file are passed into the SQL statement, causing SQL injection. Injection points: http://localhost/PATH/index.php/classifiedads/ads/?&subcatid=SQL http://localhost/PATH/index...
Pear HTTP_Upload 1.0.0b3 - arbitrary file upload
Vulnerability description Vulnerability impact: Pear HTTP_Upload 1.0.0b3 Download: https://pear.php.net/manual/en/package.http.http-upload.php Vulnerability type: arbitrary file upload Pear HTTP_Upload profile: Pear's HTTP_Upload class library provides a good package of html form file upload handle...
POSNIC 1.03 Shell Upload
0) { echo "Return Code: " . $_FILES["file"]["error"] . ""; } else { $upload = $_FILES["file"]["name"]; $type = $_FILES["file"]["type"]; if (file_exists("upload/" . $_FILES["file"]["name"])) unlink($upload); $name = $_FILES["file"]["name"]; move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $name); //echo "Stored in: " . "upload/"...
HTTP_Upload 1.0.0.b3 Arbitrary File Upload
Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: ==================== HTTP_Upload v1.0.0b3 Download:...
CVE-2017-5520
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions...
BoZoN 2.4 Remote Command Execution
Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BOZON-PRE-AUTH-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: ============ bozon.pw/en/ Product: =========== BoZoN 2.4 Bozon is a simple file-sharing app. Easy to...
CVE-2016-9836
The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...
Code injection
The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...
Boonex Dolphin < 7.3.3 RCE Vulnerability - Active Check
Boonex Dolphin is prone to a remote code execution RCE vulnerability in SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution Exploit
Exploit for php platform in category web applications Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? 0day.today 2018-03-31...
Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation Exploit
Exploit for php platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandler...
[20161202] - Core - Shell Upload
Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded...
PHPCMS V9 role.php file SQL injection vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the PHPCMS V9 role.php file, which allows attackers to exploit the vulnerability to obtai...
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...
SQL injection vulnerability in '/biweb/user/regin.php' in biweb V5.86
BIWEB (Business Intelligence Website System) is a website system built on the ArthurXF enterprise application-level PHP development framework, developed and designed by Shanghai NetWorks Network Information Co., Ltd. It is a rapid-development, simple and easy-to-use, object-oriented enterprise...
PHP File Vault 0.9 - Directory Traversal
Exploit for php platform in category web applications PHP File Vault version 0.9, remote directory traversal and read file vulnerability ================================================================================== Discovered by NA, NAattutanota.com ======================================...
PHP File Vault 0.9 - Directory Traversal
PHP File Vault version 0.9, remote directory traversal and read file vulnerability ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description =========== A very small PHP website...
PHP File Vault 0.9 Directory Traversal / File Read
PHP File Vault version 0.9, remote directory traversal and read file vulnerability ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description =========== A very small PHP website...