
2595 matches found

0day.today
added 2013/07/03 12:00 a.m., 59 views

OpenX 2.8.10 Cross Site Scripting / Local File Inclusion Vulnerabilities

OpenX version 2.8.10 suffers from cross site scripting and local file inclusion vulnerabilities. Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP...

4.3 CVSS, 5.9 AI score, 0.04226 EPSS
Exploits 6

Packet Storm
added 2013/07/03 12:00 a.m., 64 views

OpenX 2.8.10 Cross Site Scripting / Local File Inclusion

Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion CWE-98, Cross-Site Scripting CWE-79 CVE...

4.3 CVSS, 0.04226 EPSS
Exploits 6

ATTACKERKB
added 2013/06/14 12:00 a.m., 20 views

HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Environment: Tested on both windows and linux x32 platforms. The installation requires HP Insight...

10 CVSS, 7.4 AI score, 0.0491 EPSS
Exploits 0, References 4

CERT
added 2013/06/11 12:00 a.m., 74 views

HP System Management Homepage contains a command injection vulnerability

Overview HP System Management Homepage contains a command injection vulnerability CWE-77 that may result in arbitrary command execution and privilege escalation. Description Markus Wulftange from Daimler TSS reports: The vulnerability is located in the ginkgosnmp.inc PHP file in the...

9 CVSS, 6.8 AI score, 0.66592 EPSS
Exploits 12, References 3

0day.today
added 2013/06/05 12:00 a.m., 19 views

gpEasy CMS 4.0 Shell Upload Vulnerability

gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability. Exploit Title : gpEasy CMS Malicious File Upload Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://gpeasy.com/ Software Link : http://gpeasy.com/SpecialgpEasy?cmd=dlzip Versio...

7.2 AI score
Exploits 0

myhack58
added 2013/06/03 12:00 a.m., 36 views

php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips The original text please refer to the PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =,= I...

7.5 AI score
Exploits 0

exploitpack
added 2013/05/17 12:00 a.m., 59 views

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: M...

7.5 CVSS, 0.3 AI score, 0.02452 EPSS
Exploits 5

Exploit DB
added 2013/05/17 12:00 a.m., 71 views

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities

Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...

7.5 CVSS, 6.4 AI score, 0.02452 EPSS
Exploits 5

0day.today
added 2013/05/16 12:00 a.m., 86 views

Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection Vulnerabilities

Exponent CMS version 2.2.0 beta 3 suffers from local file inclusion and remote SQL injection vulnerabilities. Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patc...

7.5 CVSS, 0.1 AI score, 0.02452 EPSS
Exploits 5

Packet Storm
added 2013/05/15 12:00 a.m., 78 views

Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection

Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...

7.5 CVSS, 0.2 AI score, 0.02452 EPSS
Exploits 5

htbridge
added 2013/04/24 12:00 a.m., 67 views

Multiple Vulnerabilities in Exponent CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Exponent CMS, which can be exploited to execute arbitrary SQL commands in the database of vulnerable application and execute arbitrary PHP code on the vulnerable system. 1 SQL Injection in Exponent CMS: CVE-2013-3294 Th...

7.6 CVSS, 0.6 AI score, 0.02452 EPSS
Exploits 5, Affected Software 1

myhack58
added 2013/04/16 12:00 a.m., 15 views

Mastery OA getshell vulnerability analysis attached to the EXP-bug warning-the black bar safety net

Author: West Poison@SafeKey Team In general/vmeet/ under privateUpload. php file We look at the code the includeonce "inc/conn.php" ; //contains the conn. php the file the includeonce "inc/utilityfile.php" ;//contains utilityfile. php this file obendclean ; //clear the buffer $uploadFileName =...

1.2 AI score
Exploits 0

Saint
added 2013/04/01 12:00 a.m., 38 views

BigAnt Messenger Server DUPF Arbitrary File Upload

Added: 04/01/2013 CVE: CVE-2012-6274 BID: 57214 OSVDB: 89342 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server 2.97 and earlier does not require authentication for file uploading, and does not...

5 CVSS, 6.6 AI score, 0.46868 EPSS
Exploits 8

Saint
added 2013/04/01 12:00 a.m., 35 views

BigAnt Messenger Server DUPF Arbitrary File Upload

Added: 04/01/2013 CVE: CVE-2012-6274 BID: 57214 OSVDB: 89342 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt Server 2.97 and earlier does not require authentication for file uploading, and does not...

5 CVSS, 6.6 AI score, 0.46868 EPSS
Exploits 8

Tenable Nessus
added 2013/03/20 12:00 a.m., 28 views

FreeBSD : piwigo -- CSRF/Path Traversal (edd201a5-8fc3-11e2-b131-000c299b62e1)

High-Tech Bridge Security Research Lab reports : The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in '/admin.php' script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

7.6 CVSS, 5.8 AI score, 0.56011 EPSS
Exploits 12, References 6

NVD
added 2013/03/19 2:55 p.m., 18 views

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

4.4 CVSS, 7.2 AI score, 0.00303 EPSS
Exploits 0, References 3

Prion
added 2013/03/19 2:55 p.m., 21 views

Code injection

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

4.4 CVSS, 7.7 AI score, 0.00303 EPSS
Exploits 0, References 3, Affected Software 1

myhack58
added 2013/02/16 12:00 a.m., 19 views

Bubble Amoy(popotao)Amoy program official back door analysis-vulnerability warning-the black bar safety net

Bubble scouring is a pretty good Amoy built Station program, the official web site: http://www.popotao.com the. I was their one of the users of Since the official months are not updated to keep up with Taobao API update speed, so I want to solve on their own, put the official 6 a ZEND encrypted P...

7.3 AI score
Exploits 0

FreeBSD
added 2013/02/06 12:00 a.m., 39 views

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

6.6 AI score
Exploits 0, References 3

myhack58
added 2013/02/04 12:00 a.m., 18 views

Sky classroom file upload vulnerability-vulnerability warning-the black bar safety net

Brief description: Allow the upload of dangerous file type, this system is still a lot of Open the network course website, as shown in Figure, landing it, and now SkyDrive. Upload a PHP file, the web site didn't filter PHP file. After enteri...

7.3 AI score
Exploits 0