1284 matches found
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager pPIM 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory...
CVE-2008-4428
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager pPIM 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory...
Unrestricted file upload
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/uplo...
Information disclosure
Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information...
CVE-2008-4183
IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename...
CVE-2008-4115
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
CVE-2008-4115
CVE-2008-4115: The vulnerability affects TalkBack 2.3.6, where a remote attacker can disclose configuration information by directly requesting install/info.php, which calls the phpinfo function. The root cause is the information disclosure via phpinfo exposure through a non-authenticated, remote...
Information disclosure
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function...
Cross-site request forgery (CSRF)
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php...
CVE-2008-3592
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing t...
CVE-2008-3481
themes/sample/theme.php in Coppermine Photo Gallery CPG 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
CVE-2008-3400
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function...
CVE-2008-3362
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in...
CVE-2008-3327
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message...
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/...
Unrestricted file upload
Unrestricted file upload vulnerability in updateprofile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file unde...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/...
CVE-2008-2873
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb...