TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php.
84140ec47ef7b41446e409364cc8ec283f65b120fa742ffdf380813e2bf74c75
X2Engine versions 4.1.7 and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist.
f7f0d377cb996b5e9e79057b4c8a18347d9ead55c06712219f6e0ee4196c0f23
X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection vulnerability.
ce312d6d96cd4f148fb2b5cecb97b68cf00a123ef5c0ba90f41a768e2c83ad31
OpenCart versions 1.5.6.4 and below suffer from a PHP objection injection vulnerability.
663873769c470a4e3c4873762728fbfdc6d21b8ca404b7e2e387b6e5ecd39c4e
This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.
fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6
Dotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.
2067441f7e53b38ccded93a55914eb552ab0546ea50c16e0ae0faf9cda833960
Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.
31ef78e04a371a4e90bcaf14ef4a3350c0869ac317a39cdbeb7a37d65897f61e
Dotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.
0ba9c89e27c9ba118a254a769b3bfb910bbbcfd3ba96f87cd6f39126a26f52b7
This Metasploit module exploits a php unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.
29c01edc4c0a6e6872a0827d3816b1b853df5b79ddb58262cb3d16dea0cc69e5
Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.
862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
vTiger CRM allows an user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This Metasploit module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu 10.04 and Windows 2003 SP2.
096231674c8f8b909aa615a43b74ff7759a1a02e9d084e43958295c8fdccd15f
This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
7c1e06a8368ff3ba80da09ec39f138b29b87f7223b028687a6f1c5149cc3a95f
openSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability.
42dccb85d42a4ca8903f8b7a25053348c82f5e5ee560bdeb03a693bb4e662dc7
Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion.
829bb0d9cc0b99656c9ede4877cba82c24d8fcd7cfe7d08bf5d263689320b351
vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.
4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da
vtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.
0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9ee
vtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.
29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1f
vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.
815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269b
Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.
92c1b16050368998c04ca3342d9eced12b23a19d5974b249776e4d6b55dcefcd
Joomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php.
b92a59cc11acf090199faddc39dc367a4ca15c89eb182aeebe087497a2bb2b43
CubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php.
b8ea293ae015b63e23adb34ead1c724de72f0f626c8efabb09536e66ba543d0f
This Metasploit module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when the template in use contains a [catlist] or [not-catlist] tag.
50f8efbcf7eeeb9778960d972ce5de90e0aadc26bfd2b879e8e78dbcd0d82f9c
DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.
f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3a
This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.
7e91adb9a9ee325db99241f1b63825bee21c97d9b41b272172e2f7674cc58e74
Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.
1330fc925eed3070b675329ffbec4961ebf0fa056a417f753e1981215eacb94e