WordPress CM Download Manager Code Injection (CVE-2014-8877)

Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full...

Kaltura Remote PHP Code Execution

This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized...

Drupal RESTWS Module Remote PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTWS Module Remote PHP Code Execution', 'Description' = %q This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTW...

phpMyFAQ 2.7.9 PHP Code Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : http://0day.today 0 1 + Support e-mail :...

DMarket 1.0 Remote PHP Code Injection

| Title : DMarket 1.0 Remote PHP Code Injection Exploit | Author : indoushka | email : [email protected] | Dork : Copy right © 2010 . All right reserved Powered By : DMarket تمامی حقوق برای فروشگاه Print Art محفوظ است | Tested on: windows 8.1 Français V.Pro | Download :...

Open-Letters - Remote PHP Code Injection

Open-Letters - Remote PHP Code Injection / errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author: TUNISIAN CYBER\n"...

WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability

The CM Download Manager for WordPress is prone to remote PHP-code execution vulnerability SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Belchior Foundry VCard 2.9 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote...

RoSPORA <= 1.5.0 - Remote PHP Code Injection

No description provided by source. ?php / -------------------------------------------------- RoSPORA = 1.5.0 Remote PHP Code Injection Exploit -------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://code.google.com/p/rospora/ This PoC...

Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

PANews 2.0 - Remote PHP Script Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php...

SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability

No description provided by source. Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...

Feed on Feeds <= 0.5 - Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------ Feed on Feeds = 0.5 Remote PHP Code Injection Exploit ------------------------------------------------------ author..........: EgiX mail............: n0b0d13satgmaildotcom software link...:...

AlstraSoft Template Seller Pro 3.25 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

phpCOIN 1.2.2 CCFG[_PKG_PATH_DBSE] Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote PHP...

AppServ Open Project 2.4.5 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

PHPAlbum 0.2.2/0.2.3/4.1 Language.PHP File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17526/info phpAlbum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected compute...

InstantCMS 1.6 - Remote PHP Code Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...

Kloxo SQL注入和远程代码执行漏洞

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper Ran...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...