19 matches found
EUVD-2018-8903
Malware in sbrugna...
CVE-2011-10013
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
CVE-2011-10013
CVE-2011-10013 affects Traq versions 2.0–2.3. The vulnerability resides in admincp/common.php where flawed authorization allows unauthenticated access to admin-only functionality via plugins.php, enabling remote code execution. Documented exploit references exist (e.g., Exploit-DB entries; Metasp...
CVE-2018-17125
CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php...
CScms Arbitrary Directory Deletion Vulnerability
CScms is a content management system (CMS) developed on a CI framework. An arbitrary directory deletion vulnerability exists in CScms version 4.1. An attacker can delete arbitrary directories by sending a dir=..\ substring to the plugins\sys\admin\Plugins.php page...
CVE-2018-1000556
WordPress version 4.8+ contains a Cross-Site Scripting (XSS) vulnerability in plugins.php or core WordPress, in the delete function, that can result in an attacker performing client-side attacks ranging from stealing a cookie to code injection. This attack appears to be exploitable via an attacke...
CVE-2015-4337
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the exclmanual parameter in the xclonershow page to wp-admin/plugins.php...
CVE-2010-5295
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...
WordPress <= 3.0.1 - XSS
Because of this vulnerability in wp-admin/plugins.php, attackers can inject arbitrary web script or HTML. Solution: Update WordPress...
CVE-2012-2402
CVE-2012-2402 affects WordPress up to version 3.3.1 (patched in 3.3.2). The flaw is in wp-admin/plugins.php, where remote authenticated site administrators could bypass access restrictions and deactivate network-wide plugins via unspecified vectors. The OpenVAS/Nessus/DSA references confirm this ...
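Traq 'authenticate()' Function Remote Code Execution Vulnerability
Bugtraq ID: 50961 Traq is a PHP/MySQL-based project management application. The authenticate function defined in /admincp/common.php contains an error: 27. function authenticate 28. 29. global $user; 30. 31. if!$user-group'isadmin' 32. header"Location: login.php"; 33...
WordPress 3.0.1 wp-admin/plugins.php Module Cross-Site Scripting Vulnerability
BUGTRAQ ID: 42440 WordPress is a free forum and blog system. If the action parameter is set to delete-selected, WordPress returns the checked0 parameter submitted to wp-admin/plugins.php to the user without properly filtering it, which allows remote attackers to carry out reflected cross-site scripting attacks by submitting requests with malicious parameters. WordPress 3.0.1 Vendor patch: WordPress: The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://wordpress.org/...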
Authentication flaw
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files...
CVE-2008-2699
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php...
Vulnerability in WordPress
Hello 3APA3A! I am reporting to you the Local file include and Directory traversal vulnerabilities that I found in WordPress. The vulnerability is in the engine's plugins.php file. Local file include and Directory traversal: http://site/wp-admin/plugins.php?page=....file.php http://site/wp-admin/plugins.php?page=.....htacces...
cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
DeltasecurityTEAM www.Deltasecurity.ir Portal Name : cutenews aj-fork Class =...
CVE-2006-4557
CVE-2006-4557 affects Bob Jewell Discloser 0.0.4, specifically the plugins/plugins.php file. The vulnerability allows remote code execution via a URL in the type parameter, with ongoing dispute about whether the attacker can actually control type. The CVE notes partial/conditional impact and that...
MyBB 1.2 Local File Inclusion
D3vil-0x1 MyBB Bug Local File Inclusion MyBB 1.2 - Admin Can Include Local File : File :- admin/plugins.php Line :- 51 // if$mybb-input'action' == "activate" $codename = $mybb-input'plugin'; Input From POST $file =...