phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
46f778fd23af1e4e604d32a71ab007e759502445aee2fac99855d70658df179c
TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a loss of integrity. The vulnerability has been reported in Tikiwiki version 1.9.4.
f7850ab13f084ee0399ccaa4266f25beedbf677492fc535ebf17997b1756a1ce
TikiWiki versions 1.9.8 and below contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.
2c4a8a6e81f67352e72024e2f545f7d1ae145048bf376afb7ae97d09bf473fe9
This Metasploit module combines three separate issues within The Simple PHP Blog (versions 0.4.0 and below) application to upload arbitrary data and thus execute a shell. The first vulnerability exposes the hash file (password.txt) to unauthenticated users. The second vulnerability lies within the image upload system provided to logged-in users; there is no image validation function in the blogger to prevent an authenticated user from uploading any file type. The third vulnerability occurs within the blog comment functionality, allowing arbitrary files to be deleted.
50264a6496c4736a34367e584387b0458ab475eb594ae22a834552e36308bb11
RedTeam has identified two security flaws in PAJAX versions 0.5.1 and below. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php".
223f89066530be65e8100cf31774da9860ea9f254965c65c5bc52ade6f7acfac
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
c7fdffbbd0281a931ef1b75a62465cf757ccbfbbe17fe89aeaf55cb24d294f22
googlegath is a free open source utility to obtain informations through Google searches. It could be useful for penetration testing, security scanning, etc. googlegath has been tested on GNU/Linux, *BSD systems.
e754e380fcd9e0ba64eeb22cf691c7a8ed0da8b395cb718921623b3649666ab1
snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD and Windows (Cygwin) systems.
d761829bf0e54681d7f7286dc9fdb8136fc370c218b85024b7c22a2e209970ca
snmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
d41ac4459a12ff293160ae66984f94115d1ebd6f8943ec46db4edaf82ce8645b
snmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
25c63b6755c36fdf3b9fd075352226e2368d0f4fcbea0ae0928677e9eb11db10
snmpcheck is a tool to get information via SNMP protocols for Windows, Linux, Cisco, HP-UX and SunOS platforms. Tested on GNU/Linux, *BSD and Windows (Cygwin and ActivePerl) systems. Distributed under the GPL license and based on Athena-2k script by jshaw.
b2fe0fd3cd85760db76dcb3582fe0a41491f75110f42b65de418ede033916f9d