
119 matches found

CNVD
added 2017/07/25 12:0 a.m. · 3 views

Contao Directory Traversal Vulnerability (CNVD-2017-25541)

Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management and a CSS framework. A security vulnerability exists in Contao versions prior to 3.5.28 and 4.x versions prior to 4.4.1. A remote attacker can exploit the vulnerability...

CVSS 8.8 · AI score 8.7 · EPSS 0.00825
Exploits 0 · References 1

seebug.org
added 2017/07/25 12:0 a.m. · 92 views

ManageEngine Desktop Central 10 Build 100087 RCE(CVE-2017-11346)

Description: When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter using the hasVulnerabilityInFileName function. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which...

CVSS 7.5 · AI score 9.5 · EPSS 0.24987
Exploits 5

CNVD
added 2017/07/18 12:0 a.m. · 1 views

CMS Made Simple Upload Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMSMS version...

CVSS 4.9 · AI score 5.4 · EPSS 0.00182
Exploits 1 · References 1

CNVD
added 2017/07/17 12:0 a.m. · 1 views

MetInfo Code Execution Vulnerability

MetInfo is a content management system (CMS) developed using PHP and MySQL. An arbitrary code execution vulnerability exists in MetInfo version 5.3.17. A remote attacker can exploit this vulnerability to create PHP scripts with malicious images...

CVSS 8.8 · AI score 8 · EPSS 0.01391
Exploits 1 · References 1

OSV
added 2017/04/12 10:59 p.m. · 1 views

CVE-2016-4897

Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/saveforward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690...

CVSS 6.1 · AI score 5.7 · EPSS 0.00285
Exploits 0 · References 3

RedHat Linux
added 2016/08/18 6:20 p.m. · 2 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 · AI score 6.8 · EPSS 0.51564
Exploits 0 · References 7

Kitploit
added 2016/01/02 5:44 p.m. · 10 views

Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads

Blade is a webshell connection tool based on console, currently under development, and aims to be a choice of replacement of Chooper (中国菜刀). Chooper is a very cool webshell client with a wide range of server side script types supported, but Chooper can only work on the Windows operating system, so this is th...

AI score 7.4
Exploits 0 · References 1

Metasploit
added 2015/12/14 4:51 p.m. · 60 views

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. This allows a remote attacker to inject a null byte at the end of the value ...

CVSS 9.8 · AI score 1.2 · EPSS 0.80165
Exploits 6

seebug.org
added 2014/07/01 12:0 a.m. · 30 views

Cogent DataHub <= 7.1.1.63 Source Disclosure

No description provided by source. Luigi Auriemma. Application: Cogent DataHub (http://www.cogentdatahub.com/Products/CogentDataHub.html); Versions: <= 7.1.1.63; Platforms: Windows; Bug: source disclosure; Exploitation: remote; Date: 13 Sep 2011; Author: Luigi Auriemma; e-mail: [email protected]; web:...

AI score 7.1
Exploits 0

OSV
added 2011/09/23 11:55 p.m. · 0 views

UBUNTU-CVE-2011-3727

DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...

CVSS 5 · AI score 5.8 · EPSS 0.00715
Exploits 1 · References 2

exploitpack
added 2011/09/14 12:0 a.m. · 43 views

Cogent DataHub 7.1.1.63 - Source Disclosure

Cogent DataHub 7.1.1.63 - Source Disclosure. Luigi Auriemma. Application: Cogent DataHub (http://www.cogentdatahub.com/Products/CogentDataHub.html); Versions: <= 7.1.1.63; Platforms: Windows; Bug: source disclosure; Exploitation: remote; Date: 13 Sep 2011; Author: Luigi Auriemma; e-mail: [email protected]...

AI score 7.4
Exploits 0

Check Point Advisories
added 2009/11/18 12:0 a.m. · 9 views

Microsoft IIS ASP Scripts Source Code Disclosure (CVE-2005-2678)

The Internet Information Server (IIS) is a Web server packaged with several versions of the Windows operating system. The server is capable of serving static as well as dynamic content. The server is equipped with the Active Server Pages (ASP) technology, which is utilized for dynamic content...

CVSS 5 · AI score 6.3 · EPSS 0.44457
Exploits 0

Positive Technologies
added 2007/06/11 12:0 a.m. · 2 views

PT-2007-4446 · Freddie Chung · Ckeditor

Name of the Vulnerable Software and Affected Versions: FCKeditor version 2.4.2. Description: The issue is related to an incomplete blacklist vulnerability in the filemanager component. This allows remote attackers to upload arbitrary .php files using an alternate data stream syntax, such as...

CVSS 5 · AI score 6.7 · EPSS 0.00607
Exploits 0 · References 10

securityvulns
added 2007/03/19 12:0 a.m. · 96 views

w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 14: w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities. Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. Multiple path disclosur...

CVSS 5 · AI score 6.2 · EPSS 0.00704
Exploits 1

Positive Technologies
added 2006/09/19 12:0 a.m. · 1 views

PT-2006-5643 · Telekorn · Telekorn Signkorn Guestbook

Name of the Vulnerable Software and Affected Versions: Telekorn SignKorn Guestbook SL versions 1.3 and earlier. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir path parameter in multiple PHP files, including "index.php", "includes/functions.gb.php"...

CVSS 5.1 · AI score 7.6 · EPSS 0.06089
Exploits 1 · References 47

OSV
added 2006/05/31 10:6 a.m. · 1 views

UBUNTU-CVE-2006-2692

Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal...

CVSS 5 · AI score 5.9 · EPSS 0.01007
Exploits 0 · References 2

exploitpack
added 2005/04/27 12:0 a.m. · 10 views

Claroline E-Learning 1.51.6 - exercises_details.php?exo_id SQL Injection

Claroline E-Learning 1.51.6 - exercises_details.php?exo_id SQL Injection (source: https://www.securityfocus.com/bid/13407/info). Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize...

AI score 0.6
Exploits 0

exploitpack
added 2005/04/27 12:0 a.m. · 10 views

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections (source: https://www.securityfocus.com/bid/13407/info). Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

AI score 0.6
Exploits 0

securityvulns
added 2003/12/18 12:0 a.m. · 42 views

Server side scripts viewing in Goahead webserver <= 2.1.7

Luigi Auriemma. Application: Goahead webserver (http://12.129.4.11/webserver/webserver.htm); Versions: <= 2.1.7; Platforms: multiplatform; Bug: source code viewing of server side script files; Risk: low/medium; Exploitation: easy via browser; Date: 17 Dec 2003; Author: Luigi Auriemma; e-mail:...

AI score 0.7
Exploits 0