The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. Date published : 2019-05-24...
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. Date published : 2019-05-24 https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users/ https://demo.ripstech.com/projects/phpkit_1.6.6
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. Date published : 2019-05-24 https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf/ https://demo.ripstech.com/projects/redaxo_5.2.0
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. Date published :...
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php. Date published : 2019-05-24 https://blog.ripstech.com/2016/abantecart-multiple-sql-injections/ https://demo.ripstech.com/projects/abantecart_1.2.8
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. Date published : 2019-05-24 https://blog.ripstech.com/2016/vtiger-sql-injection/ https://demo.ripstech.com/projects/vtiger_6.5.0
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. Date published : 2019-05-24 https://blog.ripstech.com/2016/e107-sql-injection-through-object-injection/ https://demo.ripstech.com/projects/e107_2.1.2
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. Date published : 2019-05-24...
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via...
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. Date published : 2019-05-24 http://www.securityfocus.com/bid/108476 http://www.stack.nl/~dimitri/doxygen/manual/changelog.html#log_1_8_12
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. Date published : 2019-05-24 https://fenceposterror.github.io/2017/06/16/Hacking-For-Fun-And-Non-Profit.html
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. Date published : 2019-05-24 https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19613.md https://www.westermo.us/
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. Date published : 2019-05-24 https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19612.md https://www.westermo.us/
An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a...