113 matches found
CVE-2018-15818
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...
WordPress 3.8.x < 3.8.22 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A flaw in $wpdb-prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting XSS vulnerabilities...
Code Execution Vulnerability in Ctcms Movie & TV System Backend
Ctcms is a fast website building system that runs on PHP+MYSQL environment. Code execution vulnerability exists in the backend of Ctcms movie and TV system. It allows attackers to upload exp files, execute commands, and gain server privileges...
PHP7CMS has a file upload vulnerability
PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. PHP7CMS has a file upload vulnerability. Allows attackers to upload webshell and gain server privileges...
JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection
QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. Impact An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution Consider stop using QQQ SYTEMS 2.24 Sinc...
QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022An authenticated attacker without administrative permissions may upload a...
Remote Code Execution in Exponent
High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...
CVE-2014-6278
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...
Brian Stanback bsguest.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the...
Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the...
Greg Matthews Classifieds.cgi 1.0 Metacharacter Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host...
Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...
Headline Portal Engine 0.x/1.0 HPEInc Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these...
Nakid CMS <= 0.5.2 RFI Vulnerability
Nakid CMS is prone to a remote file inclusion RFI vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion
The version of Coppermine Photo Gallery installed on the remote host fails to filter user-supplied input to the 'GLOBALSUSERlang' parameter of the 'index.php' script before using it to include PHP code in 'includes/init.inc.php'. Provided PHP's 'registerglobals' setting is enabled, an...
JVN#20502807 Snoopy command injection vulnerability
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...
Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation
source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database server. This issue affects Oracle...
DSA-1113 zope2.7 - programming error
Bulletin has no description...
mediaslashInclude.txt
author: Moroccan Security Team Vendor: www.MediaSlash.com Vendor Contacted greetz to : Moroccan Security Team CiM-TeaM and All Freinds Google : Powered by MediaSlash.com Details: MediaSlash Galleryis is vulnerable to remote URL inclusion vulnerability This flaw is due to an input validation error...
Web4Future Portal Solutions - 'Arhiva.php' Directory Traversal
source: https://www.securityfocus.com/bid/15718/info Portal Solutions is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. This issue may be leveraged to read arbitrary files on an affected computer with the privileges of the Web...