The upload.php page is vulnerable to Remote File Upload. An attacker can upload a malicious file to the server by sending a POST request to upload.php with the malicious file and the name of the file as parameters. The uploaded file can then be found at http://site.com/wp-content/plugins/uploads/[YYYY]/[MM]/shell.php
FIRSTBORN Movie-Addon is an addon for the Webspell content management system web application. In this addon we found a remote blind SQL injection vulnerability. The Movie file is vulnerable, and this is a high-risk bug. The vulnerability has not been fixed by the coder. Most Webspell web applications have a security system in the Webspell core itself. You must bypass the Webspell core security system (globalskiller).
WordPress Omni-secure-files 0.1.13 is vulnerable to Remote File Upload. An attacker can upload a malicious file to the server by exploiting the vulnerable upload.php page in the 'examples' folder. The malicious file can be accessed at http://server/wp-content/plugins/wp-content/plugins/omni-secure-files/plupload/examples/uploads/shell.php
WordPress front-end-upload 0.5.3 is vulnerable to Remote File Upload. An attacker can upload a malicious file to the server by exploiting the upload.php page. If the plugin is not active, the shell can be found at http://server/wp-content/plugins/front-end-upload/FEU_DESTINATION_DIR/shell.php; otherwise it can be found at http://server/wp-content/uploads/iti_feu_uploads/shell.php.
We discovered multiple vulnerabilities on the system: SQL injection, login bypass, arbitrary file upload, information disclosure and stored (persistent) XSS. The exploit is for a vulnerability in ler.php, but the same vulnerability is present in imprimir.php and imagem.php. Usage: php file.php http://server/path/
SN News version 1.2 is vulnerable to a remote SQL injection vulnerability in the /admin/logar.php file. The vulnerability exists due to insufficient validation of the $login and $senha variables in the file. An attacker can inject a malicious SQL query into the $login and $senha variables to bypass the admin login screen.
Vanilla kPoll 1.2 is vulnerable to stored XSS. An attacker can inject malicious JavaScript code into the poll title field, which is then stored in the database and executed when the poll is viewed. The XSS I used is <script>alert('xss')</script>
This module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted embedded Summary Information Stream allows remote code execution through Internet Explorer on systems with Visio Viewer installed.
Audio Editor Master 5.4.1.217 is vulnerable to a denial of service attack when a specially crafted .cda file is opened. The file contains a large number of 'A' characters which causes the application to crash when opened.
A vulnerability in the Gallery Plugin for WordPress allows an attacker to upload arbitrary files, such as a PHP shell, via a specially crafted HTTP POST request. This can be exploited to gain remote code execution on the server hosting the vulnerable application.