55 matches found
WordPress MDC YouTube Downloader Plugin Arbitrary File Download Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.MDC YouTube Downloader is one of the plug-ins that allows visitors to download YouTube videos directly from the WordPress...
WordPress Estrutura-Basica theme 'download.php' arbitrary file download vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Estrutura-Basica is one of the basic structure themes. An arbitrary file download vulnerability exists in the WordPres...
TinyWebGallery Local File Inclusion Vulnerability
TinyWebGallery TWG is a software developer Michael Dempfle developed a set of open source album based on Ajax, PHP and XML , it provides text and image watermarking , slide show , image uploading and management and other functions . A local file inclusion vulnerability exists in TWG that stems fr...
AjaXplorer 'save_zoho.php' Arbitrary File Upload Vulnerability
AjaXplorer renamed Pydio is a software that enables file management functions on the remote side via local... An arbitrary file upload vulnerability exists in AjaXplorer 'savezoho.php' because the application fails to adequately filter user-supplied input. An attacker can exploit this vulnerabili...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
CuteNews 0.88 comments.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several...
Simple E-Document upload Remote Code Execution
A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...
Drupal Video Module 任意PHP代码执行漏洞
BUGTRAQ ID: 57525 Drupal是一款开源的内容管理平台。 Drupal Video 7.x-2.x模块存在任意PHP代码执行漏洞,攻击者可利用此漏洞在Web服务器上下文中执行任意PHP代码。 0 Drupal Video module 厂商补丁: Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://drupal.org/project/video...
Narcissus Image Configuration Passthru Vulnerability
This module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configureimage function. In this function, the $release parameter can be used to inject system...
AVA VoIP - Multiple Vulnerabilities
AVA VoIP - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/54591/info AVA VoIP is prone to multiple security vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issues to execute...
Campsite 2.6.1 - 'SubscriptionSection.php?g_documentRoot' Remote File Inclusion
source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier versions may also be affected...
Merak Mail Server 8.2.4 r - Arbitrary File Deletion
source: https://www.securityfocus.com/bid/14988/info Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. An attacker can exploit...
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (1)
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 1 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...
Webchat 0.77 - 'Defines.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/7000/info Webchat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user-supplied data. Under some circumstances...