OpenKM allows administrative users (those having the AdminRole) to run BeanShell scripts. Because of this permission, an attacker could lure an OpenKM administrator to a malicious web page that causes arbitrary OS commands to run in the administrator's OpenKM session context.
This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 caused by Mantis handling the sort parameter in manage_proj_page without proper validation. This allows for remote code execution on Mantis' Web server. This module starts a web server on the Core Impact Console to publish the agent, which is downloaded from the target.
The LANDesk web application does not sufficiently verify whether a well-formed request was created by the user whose browser submitted the request. Using this flaw, an external remote attacker can use a Cross-Site Request Forgery attack via a user with a LANDesk session to run arbitrary code as the gsbadmin user (the user running the web server), which has sudo privileges. Looking at /etc/sudoers, you can see that the attacker can also take down the firewall (injecting: ; sudo /subin/firewall stop into DRIVES) and load arbitrary kernel modules (injecting ; sudo /subin/modprobe /tmp/a_module), effectively taking complete control of the server. For the attack to succeed, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting an XSS in a different tab in the browser).
This module exploits a SQL Injection vulnerability in Drupal. An attacker can send specially crafted data and execute arbitrary SQL commands leading to remote code execution.
The BlogAPI module does not validate the extension of files uploaded through it, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads a Core Impact agent, creates a PHP file to execute the agent and then makes a request to the file. The result is a Core Impact agent running on the web server.
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.