1284 matches found
Unrestricted file upload
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specifi...
CVE-2015-1604
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holdingpattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an...
CVE-2014-8268
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
Server-side request forgery (SSRF)
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
CVE-2015-1371
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/...
Unrestricted file upload
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/...
CVE-2015-1059
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads...
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
Unrestricted file upload
Unrestricted file upload vulnerability in libnonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cfuploadfile2 parameter, then accessing the file via a direct request to the fi...
Unrestricted file upload
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/...
Information disclosure
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
CVE-2011-5314
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
Information disclosure
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cmspluginapilink.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
Unrestricted file upload
Unrestricted file upload vulnerability in ls/vwsnapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a...
Design/Logic Flaw
The error-handling feature in (1) bp.php, (2) videowhisperstreaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error messag...
CVE-2014-9184
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi...