CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

Online Reviewer System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more...

Design/Logic Flaw

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

Underground CMS 1.x Search.Cache.Inc.PHP Backdoor Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26521/info Underground CMS is prone to a backdoor vulnerability. Attackers can exploit this issue to gain unauthorized access to the application. Successful attacks will compromise the affected application and possibly th...

Dokeos <= 1.8.4 whoisonline.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...

Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password decryption algorithm employs only...

Dokeos <= 1.8.4 main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...

SPIP 1.8.3 Spip_login.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remot...

Prototype of an PHP application 0.1 ident/identification.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

Prototype of an PHP application 0.1 plugins/phpgacl/index.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

AzDGVote 0 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Blog System 1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and...

Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

LittlePhpGallery <= 1.0.2 LFI Vulnerability

LittlePhpGallery is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions

source: https://www.securityfocus.com/bid/38402/info OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute...

CuteNews 1.4.6 - &#039;index.php&#039; Cross-Site Request Forgery (New User Creation)

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

eliteCMS multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...