PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
d2e6428ee37fd292066c41b75c9463b4Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
bd3245f114f5d320f885b704e6a5d15eSymantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
38e30c2ae231c0c90aef4db50c02c12cThis Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
f9879bb95d16d3382f2534b9240c7d25IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
6818425f032118305ebc187f36a5a134Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.
7aad8a3d1adf10f05ea51ee8ca0e546dConcrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.
d058d3ec001d3a60cfa71271ebc40d36Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.
a9b43ed5dadf22c5af4f6e27e76b6a2dSugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
75a86f0ba47e36424e523dde32a8cfb9SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
d4aa80fa1772da234e2d9b4d7bd5e299SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
58722361e515edc078b6dc8a90758f93SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
7b4962bd34be471d7a0aac23a8f25eaaSugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.
c28483be9e51e708f3c48952da13852eMagento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
72ef98d834f769976ae3af136b7e032fCakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.
4194ead0bfff2ad25e670ee6ecb9f903Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.
7c5bbac17aa1381c3f80fba1d07afc93Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability.
fe2bdc1b138804dcc2295fdf128146e8ATutor versions 2.2 and below suffer from a remote php code injection vulnerability.
ea74761d9613a5aaa681169d6022a427ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.
7a796af56f53c00102bcd30e7e37145aATutor versions 2.2 and below suffer from a session variable overloading vulnerability.
74806f78aee2c484d9ec08f4e2360333ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.
07499b6750c1e85829c0817d87da1937Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.
0d483734c211446d05ddbd10b09fa487Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.
a86a67533b104a9a04ac54e69e6dbc4cConcrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.
52fa2b017d1038fdac8e8eb582abd41aConcrete5 versions 5.7.3.1 and below suffers from a sendmail-related remote code execution vulnerability.
39c25351d8a9a7d81649b89b2338e528
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed