CakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.
6e2e864c04d0c6c4360fa94fcb1ed1542e92335d6934e0804e1d0d0100ff489d
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.
84f13b541beeab5027a0a0d132f9bddd2aec51f57b18ea61539b18dec408924d
Piwik versions 2.14.3 and below suffer from a local file inclusion vulnerability.
eee59dc36374f91dced40b4ea48194596072b837658dfbeccc53d0849c0265bd
ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.
d68f51a39b755fe477331334371a85a9867f5564885f7740eefbf41a2c9a3341
ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.
3f019a580730a65969fb1ee296eee1f664af50dc8c239571889044cbaa6c68b0
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.
fbaac07ae5c801f3305296ae4796cdbada7788e75ace0989665efa6ffddd79c9
ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.
bfe91d27b6015c2947337a14fd42a2923a402b9ed2d98972883b08ff15515b82
Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.
fc7990f532774d8eb7b6c58646a4184c066856b3fb99521ec6baa6859a83e854
Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.
09135e38d13882eebea77629d624025c3928967909de59178c537978dfc7e7ac
Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.
5a6ef1506e51dfe8f5c743d4ac107de78835ad514c929a0dbd4c1e19c02acdda
Concrete5 versions 5.7.3.1 and below suffer from a sendmail-related remote code execution vulnerability.
2738129737c2ca9db8afcb24d75b7688377742b1d8ad9da2b2e8397c4bd6faed
Open Letters remote PHP code injection exploit.
5b55b8dec7032e9a0c9a5a10c5e92faa1e847ea73b757f2e6b21d10d4274b5e0
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function and gain control in the context of the HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability as any kind of user. However, for version 5.2.1, you must be an administrator.
7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919
Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.
80e097e61c3144721b95a38213e7b0f3f782bac6d90fcd41c8baf29fdbab0249
GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.
08abfc94e71de2ed8b547ff31a3d88150accaa5198692c3c78a8a9486fd32308
Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.
5123adecd54a72a557dfcb5fa13fb9a040dc8f7303ed28a65d028c74cd29df24
Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability.
540c5a7d1919e55e0e1b5450e86af76917b39fa680c1edfea9aecdb3e4c5c065
Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability.
825d51702a5b5cff864eca84c0ff288307cf0918b165529a013cccb1666471cd
Osclass versions 3.4.2 and below suffer from a remote SQL injection vulnerability.
feb708538ef7cc58e421b2def7ebaeb3f6f71a708040f56f501d7b1cde85fc88
This Metasploit module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from the Jabbex class in order to reach a call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In order to work, the target must have the 'sys_create_project_in_one_step' option disabled.
5a33756ac6f164ee2fb059946d33588c9b36b6022e2d724e212c9716e418d54e
Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.
192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad
This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists in plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes it to the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.
48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9
TestLink versions 1.9.12 and below suffer from a path disclosure weakness.
d4e121ab0a2d7487bb19bb362e04c56ee75b63e8fc27574280cfee78584f1aad
TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php.
84140ec47ef7b41446e409364cc8ec283f65b120fa742ffdf380813e2bf74c75
X2Engine versions 4.1.7 and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist.
f7f0d377cb996b5e9e79057b4c8a18347d9ead55c06712219f6e0ee4196c0f23