Files from Phil Taylor ≈ Packet Storm

↧

WordPress BackWPup 1.6.1 Code Execution

March 28, 2011, 11:59 am

The WordPress BackWPup plugin version 1.6.1 suffers from a vulnerability that allows for local or remote code to be executed.

View Article

PHPCaptcha / Securimage Authentication Bypass

May 20, 2011, 7:17 am

PHPCaptcha / Securimage versions 1.0.4 through 2.0.2 suffer from an authentication bypass vulnerability. Proof of concept code included.

View Article

WordPress BackWPup 2.1.4 Code Execution

October 17, 2011, 7:43 am

WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.

View Article

Symfony 2 Unauthenticated Information Disclosure

March 5, 2012, 8:39 am

The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a...

View Article

QNAP Command Injection

June 17, 2012, 8:45 am

QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffer from a command injection vulnerability that allows for remote code execution.

View Article

Elcom Community Manager 7.4.10 Shell Upload

August 24, 2012, 7:58 pm

Elcom Community Manager versions 7.4.10 from Elcom CMS suffers from a remote shell upload vulnerability.

View Article

Ektron CMS 8.5.0 File Upload / XXE Injection

September 5, 2012, 6:27 pm

Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.

View Article