2595 matches found
Thinksns 2.8 file upload exploit exp-vulnerability warning-the black bar safety net
Vulnerable version: the latest 2.8 stable release; other versions were not tested. Vulnerable file: thumb.php. Author: Wei kunpeng. 1. Prepare the following PHP file and upload it to the server yourself. The file content is as follows: ? php echo “...
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in t...
WordPress WP-Property PHP file upload vulnerability-vulnerability warning-the black bar safety net
WordPress WP-Property PHP file upload vulnerability This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
banana dance b.2.6 - Multiple Vulnerabilities
banana dance b.2.6 - Multiple Vulnerabilities Advisory ID: HTB23118 Product: Banana Dance Vendor: bananadance.org Vulnerable Versions: B.2.6 and probably prior Tested Version: B.2.6 Vendor Notification: October 3, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: PHP File Inclusion...
banana dance b.2.6 - Multiple Vulnerabilities
Advisory ID: HTB23118 Product: Banana Dance Vendor: bananadance.org Vulnerable Versions: B.2.6 and probably prior Tested Version: B.2.6 Vendor Notification: October 3, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: PHP File Inclusion CWE-98, Improper Access Control CWE-284, SQL...
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)
An arbitrary code execution vulnerability has been reported in the management GUI in Symantec Web Gateway...
Multiple vulnerabilities in BabyGekko
Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: SQL Injection CWE-89, PHP File Inclusi...
BabyGekko 1.2.2e XSS / LFI / SQL Injection
Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: SQL Injection CWE-89, PHP File Inclusi...
BabyGekko 1.2.2e - Multiple Vulnerabilities
BabyGekko 1.2.2e - Multiple Vulnerabilities Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability...
BabyGekko 1.2.2e XSS / LFI / SQL Injection Vulnerabilities
BabyGekko version 1.2.2e suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Product: BabyGekko 1.2.2e Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch:...
BabyGekko 1.2.2e - Multiple Vulnerabilities
Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: SQL Injection CWE-89, PHP File Inclusi...
Family Connections CMS v2.5.0-v2.7.1 (less.php) remote command execution exploit-vulnerability warning-the black bar safety net
Author: TPCS From: 90sec Blog: http://blog.163.com/jianshitianxiaao/ 0x01 Introduction. Recently I have been practising with some PoCs and found this old hole to practise on. The first PoC released is on exploitDB; the link is not posted here, so go and search for it there. On first getting the original PoC, I wanted...
akcms code execution vulnerability-vulnerability warning-the black bar safety net
Last week I dug out a getshell in the akcms background template and felt it was nothing new; I then looked carefully at the code and found a hole with more of a “future”, a code execution vulnerability, and the problem function is one that the author provides to site users for secondary...
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "qdPM v7 Arbitrary...
Multiple vulnerabilities in Banana Dance
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Banana Dance, which can be exploited to gain access to sensitive information, perform SQL injection attacks and compromise vulnerable system. 1 PHP File Inclusion in Banana Dance: CVE-2012-5242 Input passed via the "nam...
ProjectPier 0.8.8 Shell Upload
Exploit for php platform in category web applications ProjectPier 0 echo $FILES"file""error" . " " . $FILES"file""name" . " " . $FILES"file""tmpname"; else $folder = rtrim './upload/' . $POST'folder' , '/'; @mkdir$folder, 0777, true; $seq = strpadint $POST"part",4,"0",STRPADLEFT;...
ProjectPier 0.8.8 Shell Upload
ProjectPier 0 echo $FILES"file""error" . " " . $FILES"file""name" . " " . $FILES"file""tmpname"; else $folder = rtrim './upload/' . $POST'folder' , '/'; @mkdir$folder, 0777, true; $seq = strpadint $POST"part",4,"0",STRPADLEFT; moveuploadedfile$FILES"file""tmpname", $folder . '/'...
CVE-2011-5197
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
CVE-2011-5195
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file...