WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability

The CM Download Manager for WordPress is prone to remote PHP-code execution vulnerability SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AlstraSoft Template Seller Pro 3.25 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

Belchior Foundry VCard 2.9 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote...

SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability

No description provided by source. Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...

Feed on Feeds <= 0.5 - Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------ Feed on Feeds = 0.5 Remote PHP Code Injection Exploit ------------------------------------------------------ author..........: EgiX mail............: n0b0d13satgmaildotcom software link...:...

AppServ Open Project 2.4.5 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

RoSPORA <= 1.5.0 - Remote PHP Code Injection

No description provided by source. ?php / -------------------------------------------------- RoSPORA = 1.5.0 Remote PHP Code Injection Exploit -------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://code.google.com/p/rospora/ This PoC...

phpCOIN 1.2.2 CCFG[_PKG_PATH_DBSE] Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote PHP...

PHPAlbum 0.2.2/0.2.3/4.1 Language.PHP File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17526/info phpAlbum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected compute...

InstantCMS 1.6 - Remote PHP Code Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...

Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Kloxo SQL注入和远程代码执行漏洞

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper Ran...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

ImpressPages cm_group Parameter Remote PHP Code Execution

The ImpressPages install hosted on the remote web server contains a flaw that allows arbitrary PHP code execution. Input passed to the 'cmgroup' parameter is not properly sanitized before being used in a PHP eval function call. An unauthenticated, remote attacker can leverage this vulnerability t...

SQLiteManager 1.2.4 - Remote PHP Code Injection

SQLiteManager 1.2.4 - Remote PHP Code Injection !/usr/bin/env python ''' Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit...

Network Shutdown Module 3.21 Remote PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

WeBid converter.php Remote PHP Code Injection

This module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution. This module requires Metasploit:...

FreeBSD : phpmyfaq -- Remote PHP Code Execution Vulnerability (c80a3d93-8632-11e1-a374-14dae9ebcf89)

The phpMyFAQ project reports : The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)

vBSEO 3.6.0 - procdeutf Remote PHP Code Injection Metasploit require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...