TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php.
84140ec47ef7b41446e409364cc8ec283f65b120fa742ffdf380813e2bf74c75X2Engine versions 4.1.7 and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist.
f7f0d377cb996b5e9e79057b4c8a18347d9ead55c06712219f6e0ee4196c0f23X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection vulnerability.
ce312d6d96cd4f148fb2b5cecb97b68cf00a123ef5c0ba90f41a768e2c83ad31OpenCart versions 1.5.6.4 and below suffer from a PHP objection injection vulnerability.
663873769c470a4e3c4873762728fbfdc6d21b8ca404b7e2e387b6e5ecd39c4eThis is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.
fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6Dotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.
2067441f7e53b38ccded93a55914eb552ab0546ea50c16e0ae0faf9cda833960Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.
31ef78e04a371a4e90bcaf14ef4a3350c0869ac317a39cdbeb7a37d65897f61eDotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.
0ba9c89e27c9ba118a254a769b3bfb910bbbcfd3ba96f87cd6f39126a26f52b7This Metasploit module exploits a php unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.
29c01edc4c0a6e6872a0827d3816b1b853df5b79ddb58262cb3d16dea0cc69e5Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.
862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955dvTiger CRM allows an user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This Metasploit module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu 10.04 and Windows 2003 SP2.
096231674c8f8b909aa615a43b74ff7759a1a02e9d084e43958295c8fdccd15fThis Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
7c1e06a8368ff3ba80da09ec39f138b29b87f7223b028687a6f1c5149cc3a95fopenSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability.
42dccb85d42a4ca8903f8b7a25053348c82f5e5ee560bdeb03a693bb4e662dc7Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion.
829bb0d9cc0b99656c9ede4877cba82c24d8fcd7cfe7d08bf5d263689320b351vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.
4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883davtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.
0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9eevtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.
29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1fvtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.
815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269bJoomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.
92c1b16050368998c04ca3342d9eced12b23a19d5974b249776e4d6b55dcefcdJoomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php.
b92a59cc11acf090199faddc39dc367a4ca15c89eb182aeebe087497a2bb2b43CubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php.
b8ea293ae015b63e23adb34ead1c724de72f0f626c8efabb09536e66ba543d0fThis Metasploit module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when the template in use contains a [catlist] or [not-catlist] tag.
50f8efbcf7eeeb9778960d972ce5de90e0aadc26bfd2b879e8e78dbcd0d82f9cDataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.
f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3aThis Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.
7e91adb9a9ee325db99241f1b63825bee21c97d9b41b272172e2f7674cc58e74Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.
1330fc925eed3070b675329ffbec4961ebf0fa056a417f753e1981215eacb94e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed