Articles for tag "Code Execution": 28
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the setup wizard is vulnerable to code execution. It should be noted that by default, only an administrator can access the setup wizard. By default, administrators have far-reaching permissions via the wizard and via other functionality. There are however some custom configurations where this vulnerability could lead to privilege escalation or undesired code execution.
2017 Mar 17
HumHub is a social media platform written in PHP. In version 0.20.1 as well as 1.0.0-beta.3, it is vulnerable to Code Execution as some functionality allows the uploading of PHP files. Successfull exploitation requires specific server settings. A user account is required as well, but registration is open by default.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to code execution because of two different vulnerabilities. It allows the upload of files with dangerous type, as well as PHP code injection. To exploit this a editor or admin account is required.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to code execution as it is possible to upload files with dangerous type via the media manager.
2016 Nov 10
Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to code execution as it allows the upload of files with a dangerous type. An account with extended privileges is required.
2016 Mar 15
PivotX is vulnerable to code execution by authenticated users as it does not check the extension of files when renaming them.
2016 Jan 28
Bigace 3.0 allows the uploading of media file, but there is no verification, allowing the upload of PHP files by editors and administrators.
2016 Jan 28
There is a code execution vulnerability in Wolf CMS v0.8.3.1. A user account with the Editor role is required.
2016 Jan 28
There is a code execution vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue, but the request is not protected against CSRF.
2015 Dec 21
Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, leading to code execution.
2015 Dec 21
The file extension whitelist of CouchCMS 1.4.5 misses pht, which may lead to code execution under certain circumstances.
2015 Dec 02
There is a code execution vulnerability in the admin area of 4images 1.7.11.
2015 Dec 02
There are two Code Execution vulnerabilities in phpwcms 1.7.9. A registered user is required to exploit these issues.
2015 Dec 02
There are two code execution vulnerability in the admin area of Geeklog 2.1.0.
2015 Dec 02
There is a Code Execution vulnerability in the admin area of redaxscript 2.5.0.
2015 Dec 02
appRain 4.0.3, Code Execution, vulnerability, advisory
2015 Nov 13
There is a Code Execution vulnerability in ClipperCMS 1.3.0
2015 Nov 13
There is a Code Execution vulnerability in dotclear 2.8.1.
2015 Nov 13
There are two Code Execution vulnerabilities in TomatoCart v1.1.8.6.1.
2015 Nov 04
There is a Code Execution vulnerability in the admin area of XCart 5.2.6.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of CubeCart 6.0.7.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.
2015 Sep 01
There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.
2015 Sep 01
There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.
2015 Aug 17
The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.
