1284 matches found
CVE-2012-5168
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/indexinlineeditorsubmit.php or (2) coursecategory/indexinlineeditorsubmit.php...
Unrestricted file upload
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory...
Unrestricted file upload
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
CVE-2012-1153
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
Improper access control
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripeversion or (2) cms/silverstripeversion...
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under...
Unrestricted file upload
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under...
CVE-2012-1607
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
UBUNTU-CVE-2012-1607
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
Server side request forgery (ssrf)
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
CVE-2011-5148
Multiple incomplete blacklist vulnerabilities in the Simple File Upload modsimplefileuploadv1.3 module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request t...
CVE-2012-4036
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged b...
CVE-2012-4219
showconfigerrors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file...
CVE-2012-4255
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refreshdblist.php, which reveals the installation path in an error message...
CVE-2012-4254
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php...
Design/Logic Flaw
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php...
Improper access control
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
Authentication flaw
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/...