21 matches found
SPIP form PHP Injection
This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are affected. Vulnerable versions are use exploit/multi/http/spiprceform ms...
PrestaShop Adobe Stock API integration file upload vulnerability
PrestaShop is an open source e-commerce solution. A file upload vulnerability exists in the PrestaShop Adobe Stock API integration (reset/modules/advancedformmakeredit/multiupload/upload.php) that allows remote attackers to submit a special request that can be exploited to upload a .php file and execute it...
File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Wid*** File
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. ThinkCMF 2.2.3 file inclusion vulnerability exists in the frontend Wid file. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...
Command Execution Vulnerability in Panabit
Panabit is intelligent application gateway software developed by PaiNet, based on the PanaOS operating system. Panabit suffers from a command execution vulnerability. An attacker can obtain root privileges by constructing a payload for remote command injection with web privileges...
vBulletin 'index.php' Remote File Inclusion Vulnerability
vBulletin is a WEB application. A remote file inclusion vulnerability exists in vBulletin 'index.php', which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code with WEB privileges...
SAP NetWeaver Application Server Java Path Traversal Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. A directory traversal vulnerability in scheduler/ui/js/ffffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver AS Java allows remote attackers to submit a...
Exponent CMS Local File Inclusion Vulnerability
Exponent CMS is a free, open source, modular PHP-based content management system. Exponent CMS suffers from a local file inclusion vulnerability that allows remote attackers to submit a specially crafted request to view the contents of system files with WEB privileges...
Rockwell Automation 1766-L32 Series Remote File Inclusion Vulnerability
The Rockwell Automation 1766-L32 Series is a 1766-L32 series programmable logic controller (PLC). The Rockwell Automation 1766-L32 Series fails to adequately filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting a special request to view the contents of...
BlackCat CMS Directory Traversal Vulnerability
BlackCat CMS is a content management system based on PHP5 and HTML5. BlackCat CMS suffers from a directory traversal vulnerability that allows remote attackers to view the contents of system files with WEB privileges by submitting a character containing a directory traversal...
AirLink101 SkyIPCam1620W 'snwrite.cgi' OS Command Injection Vulnerability
AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera is a wireless network camera product. The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera 'snwrite.cgi' script fails to properly filter user-submitted input, allowing remote attackers to exploit the submitted...
WordPress ACF Frontend Display Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed in PHP that supports setting up personal blog sites on servers with PHP and MySQL. ACF Frontend Display is a plugin to add the type of navigation menu fields. A security vulnerability in the WordPress ACF Frontend Display file upload...
Berta CMS 'upload.php' arbitrary file upload vulnerability
Berta CMS is a PHP-based web content management system. Berta CMS suffers from an arbitrary file upload vulnerability that allows remote attackers to exploit the vulnerability to submit a special file to be executed with WEB privileges...
WordPress Aspose DOC Exporter Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed using the PHP language that supports personal blog sites on servers with PHP and MySQL. Aspose DOC Exporter is a plugin that allows administrators to export post content. An arbitrary file download vulnerability exists in the WordPress Aspose DOC Exporter...
ZOHO ManageEngine Desktop Central MSP 'InventorySWMeteringServlet' Arbitrary File Upload Vulnerability
ZOHO ManageEngine Desktop Central MSP is a desktop and mobile device management software for MSPs. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks and provide differentiated management services for organizations of all sizes. An...
SuiteCRM 'Upload Company Logo' Function Arbitrary File Upload Vulnerability
SugarCRM is an open source customer relationship management system. The SuiteCRM 'Upload Company Logo' function fails to properly process user-submitted input, allowing remote attackers to exploit the vulnerability to submit a special file and execute arbitrary code with WEB privileges context...
Pluck 'albums_getimage.php' path traversal vulnerability
Pluck is a simple PHP-based content management system. A directory traversal vulnerability exists in Pluck that allows remote attackers to submit a special directory traversal request to view the contents of system files with WEB privileges...
Unspecified Code Injection Vulnerability in phpMyBackupPro (CNVD-2015-02947)
phpMyBackupPro is a professional MySQL backup tool. phpMyBackupPro suffers from unspecified code injection, which allows an authenticated remote attacker to exploit a vulnerability to inject arbitrary PHP code and execute it with WEB privileges...
Unspecified code injection vulnerability in phpMyBackupPro (CNVD-2015-02946)
phpMyBackupPro is a professional MySQL backup tool. phpMyBackupPro suffers from unspecified code injection, which allows an authenticated remote attacker to exploit a vulnerability to inject arbitrary PHP code and execute it with WEB privileges...
WordPress Plugin Work The Flow File Arbitrary File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports personal blog sites set up on PHP and MySQL servers. Work The Flow File is a file upload plugin for WordPress. A file upload vulnerability exists in the WordPress plugi...
Maarch LetterBox Arbitrary File Upload Vulnerability
Maarch LetterBox is a WEB-based application. Maarch LetterBox fails to properly validate uploaded files, allowing an attacker to exploit a vulnerability to submit special files and execute them with WEB privileges...