CVE-2013-20002 – Elemin < 1.4.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-20002
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. Elemin permite a atacantes remotos cargar y ejecutar código PHP arbitrario por medio del archivo wp-content/themes/elemin/themify/themify-ajax.php del framework Themify (versiones anteriores a 1.2.2) • https://en.0day.today/exploit/22090 https://packetstormsecurity.com/files/124149/WordPress-Elemin-Shell-Upload.html https://themify.me/blog/updated-themify-framework-to-fix-the-vulnerability https://themify.me/blog/urgent-vulnerability-found-in-themify-framework-please-read • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2009-4417
https://notcve.org/view.php?id=CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." La función shutdown en la clase Zend_Log_Writer_Mail en Zend Framework (ZF) permite a atacantes dependientes del contexto enviar mensajes e-mail de su lección a varias direcciones a través de vectores relacionados con "events not yet mailed." • http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability • CWE-264: Permissions, Privileges, and Access Controls •