247 matches found
Drupal CODER Module Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a Remote Command Execution vulnerability in Drupal CODER...
TWiki 'debugenableplugins' Parameter RCE
The version of TWiki installed on the remote host is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'debugenableplugins' parameter upon submission to the 'view' script. A remote, unauthenticated attacker can exploit this issue to...
X2Engine < 4.0 ProfileController.php Unrestricted File Upload Vulnerability
According to its version number, the X2Engine application installed on the remote web server is prior to version 4.0. It is, therefore, potentially affected by a file upload vulnerability in the '/protected/controllers/ProfileController.php' script. An attacker can exploit this issue to upload...
apache-poi: XML eXternal Entity (XXE) flaw
It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity...
Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
It was found that Teiid SQL/XML permitted XML eXternal Entity XXE attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user...
CVE-2014-3333
The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...
VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)
VMware ESXi and ESX unauthorized file access through vCenter Server and ESX OpenVAS Vulnerability Test $Id: gbVMSA-2013-0016remote.nasl 6074 2017-05-05 09:03:14Z teissa $ VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX remote check Authors: Michael Meyer...
Parallels Plesk Panel phppath/php vulnerability
Overview Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. Description Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been...
W3 Total Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution
The W3 Total Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...
TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection
According to its version number, the instance of TWiki running on the remote host is affected by a command injection vulnerability. The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remote...
ZoneMinder Video Server packageControl Command Execution
This module exploits a command execution vulnerability in ZoneMinder Video Server version 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file...
Horde - Horde_Image::factory driver Argument Local File Inclusion
Horde - HordeImage::factory driver Argument Local File Inclusion Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE :...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
RSForm! Component for Joomla! 'lang' Parameter Local File Include
The version of the RSForm! component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'lang' parameter before using it in the forme.php script to include PHP code. An unauthenticated, remote attacke...
vtiger CRM phprint.php lang_crm Parameter Local File Inclusion
The version of vtiger CRM installed on the remote host does not sanitize user input to the 'langcrm' parameter of the 'phprint.php' script before using it to include PHP code. An unauthenticated, remote attacker may be able to leverage this issue to view arbitrary files or possibly execute...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
eFront 'langname' Parameter Traversal Local File Inclusion
The version of eFront running on the remote web server is affected by a local file inclusion vulnerability due to improper sanitization of user-supplied input to the 'langname' parameter of the language.php script before using it to include PHP code. Regardless of PHP's 'registerglobals' setting,...
Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include
The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...
TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include
The version of the TinyBrowser component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'tinybrowserlang' cookie before using it in the tinymce/plugins/tinybrowser/folders.php script to include PH...