229 matches found
CVE-2016-9045
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
OpenEMR Unrestricted File Upload Vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). An unrestricted file upload vulnerability exists in interface/super/managesitefiles.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker who uploads a PHP file...
WordPress Booking Calendar Plugin Local File Inclusion Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL. Booking Calendar is one of the booking systems for making online reservations and checking the...
SiteBridge Joruri Gw Arbitrary File Upload Vulnerability
SiteBridge Joruri Gw is a group assignment software from SiteBridge Japan. An arbitrary file upload vulnerability exists in SiteBridge Joruri Gw 3.2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
GxlcmsQY update function arbitrary PHP code execution vulnerability
The GxlcmsQY system is a quick website CMS tailored for business users. An arbitrary PHP code execution vulnerability exists in the update function in LibLibActionAdminTplAction.class.php in Gxlcms QY v1.0.0713. A remote attacker can exploit this vulnerability by placing code in a template to execute...
PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods, short message alerts, product image zoom and other features. The Responsive Mega Menu Horizontal + Vertical + Dropdown Pro module is one of its responsive menu modules. A...
CVE-2018-5782
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...
CVE-2017-16903
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...
UBUNTU-CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...
FineCms Remote Code Execution Vulnerability
FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A remote code execution vulnerability exists in FineCms version 5.0.9. A remote attacker can exploit this vulnerability to execute arbitrary PHP code with the help of the 'param' function in th...
CVE-2017-7570
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...
Remote Command Execution Vulnerability in Next-Generation Firewall System of SinoCom-ArtM
The InforCube Next-Generation Firewall (NFW) is a comprehensive security gateway solution. A remote command execution vulnerability exists in the InforCube Next Generation Firewall system. The vulnerability allows an attacker to write PHP code into a file by modifying the install.php post...
MODX Revolution 'setup/controllers/welcome.php' file remote code execution vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/controllers/welcome.php file in MODX Revolution 2.5.4-pl an...
Remote File Inclusion
Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...
Source Code Disclosure
Scanner has detected server-side source code within the server's response. A modern web application will be reliant on several different programming languages. These languages can be broken up into two flavours. These are client-side languages such as those that run in the browser -- like JavaScrip...
Form-based File Upload
The design of many web applications requires that users be able to upload files that will either be stored or processed by the receiving web server. Scanner has flagged this not as a vulnerability, but as a prompt for the penetration tester to conduct further manual testing on the file upload...
MobaXterm Personal Edition Directory Traversal Vulnerability
MobaXterm Professional Edition is a terminal software. MobaXterm allows you to start remote sessions. Each session you start is automatically saved and displayed in the left sidebar. MobaXterm Personal Edition suffers from a directory traversal vulnerability that stems from a failure to adequately...
C2Box 4.0.0(r19171) Validation Bypass
Title: Validation Bypass in C2Box application allows user to input negative value Author: Harish Ramadoss Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0(r19171) Tested Version: Version 4.0.0(r19171) Severity: Medium CVE Reference: 2015-4626 About the Product: B.A.S C2Box...