
422 matches found

Exploit DB
added 2007/03/15 12:0 a.m., 57 views

McGallery 0.5b - 'download.php' Arbitrary File Download

Piker McGallery 0.5b Arbitrary File Download Vulnerability Affected software: McGallery 0.5b Vendor: http://sourceforge.net/projects/mcgallery/ Dork: allintitle: "MCgallery 0.5b" http://target/path/download.php?filename=main.php Found by Piker The Am0s Team Greetz: KX-T33, kakalake, nAzGuL, Putus...

7.4 AI score
Exploits: 0

Prion
added 2007/02/26 5:28 p.m., 13 views

Directory traversal

Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

7.8 CVSS, 7.1 AI score, 0.03584 EPSS
Exploits: 1, References: 8

CVE
added 2007/02/26 5:0 p.m., 49 views

CVE-2007-1100

CVE-2007-1100 describes a directory traversal vulnerability in Ahmet Sacan’s Pickle project (before 20070301). The flaw resides in download.php, where an attacker can supply a crafted file parameter containing ".." to cause arbitrary local file disclosure. Affected component: Pickle (Ah...

7.8 CVSS, 6.6 AI score, 0.03584 EPSS
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2007/02/26 5:0 p.m., 15 views

CVE-2007-1100

Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

6.6 AI score, 0.03584 EPSS
Exploits: 1, References: 8

exploitpack
added 2007/02/24 12:0 a.m., 22 views

Pickle 0.3 - download.php Local File Inclusion

Pickle 0.3 - download.php Local File Inclusion source: https://www.securityfocus.com/bid/22703/info picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local...

7.4 AI score
Exploits: 0

NVD
added 2007/01/31 11:28 a.m., 17 views

CVE-2007-0620

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

5 CVSS, 6.6 AI score, 0.03499 EPSS
Exploits: 1, References: 7

Cvelist
added 2007/01/31 11:0 a.m., 22 views

CVE-2007-0620

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

6.6 AI score, 0.03499 EPSS
Exploits: 1, References: 7

exploitpack
added 2007/01/26 12:0 a.m., 11 views

FD Script 1.3.2 - download.php Remote File Disclosure

FD Script 1.3.2 - download.php Remote File Disclosure Title : FdScript = v1.3.2 Remote File Disclosure Vulnerability Author : ajann Contact : : Site : http://stud.usv.ro/vladl/ $$ : Free SOURCE--------------------------------------------------------- http://target/path//download.php?fname=SOURCE...

7.5 AI score
Exploits: 0

Prion
added 2007/01/18 2:28 a.m., 15 views

Directory traversal

download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability...

5 CVSS, 6.9 AI score, 0.02783 EPSS
Exploits: 0, References: 4

CVE
added 2007/01/18 2:0 a.m., 49 views

CVE-2007-0329

CVE-2007-0329 affects the JV2 Folder Gallery (download.php) where a relative pathname in the file parameter enables directory traversal to read sensitive files (as shown by config/gallerysetup.php). Root cause is a path handling flaw; exploitation details are not provided in the supplied document...

5 CVSS, 6.4 AI score, 0.02783 EPSS
Exploits: 0, References: 4, Affected Software: 1

exploitpack
added 2007/01/14 12:0 a.m., 12 views

JV2 Folder Gallery 3.0 - download.php Remote File Disclosure

JV2 Folder Gallery 3.0 - download.php Remote File Disclosure / Script Name :JV2 Folder Gallery Script site :www.jv2.net Discovered by :SaO Exploit Coded by :PeTrO Credits To soulreaver,Kuz3y Compile: Visual C++ or DevC++ / include include include pragma commentlib,"ws232.lib" int mainint argc, ch...

0.6 AI score
Exploits: 0

seebug.org
added 2006/12/17 12:0 a.m., 23 views

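SZEWO PhpCommander Download.PHP Local File Inclusion Vulnerability

SZEWO PhpCommander is a PHP-based web application. SZEWO PhpCommander does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web process. The problem is that the 'Download.PHP' script does not filter user-submitted web parameters: submitting parameter data containing multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web process. SZEWO PhpCommander 3.0 http://www.szewo.com/php/commander/eng/ !/usr/bin/php -q -d shortopentag=on $devilteam...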

7.1 AI score
Exploits: 0

Exploit DB
added 2006/11/25 12:0 a.m., 43 views

Sisfo Kampus 0.8 - Remote File Inclusion / Download

Source Code = Sisfokampus 0.8 Website = www.Sisfokampus.net Author = E. Setio Dewo [email protected] Dorkz : Allinurl: /index.php?exec= File Vuln : index.php print.php download.php Local File Include Found by : Wawan Firmansyah a.k.a Ang|n [email protected] Source of index.php...

7.4 AI score
Exploits: 0

seebug.org
added 2006/11/17 12:0 a.m., 15 views

16 HTTP Upload Tool (download.php) Information Disclosure Vulnerability

No description provided by source. Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the...

7.1 AI score
Exploits: 0

exploitpack
added 2006/11/16 12:0 a.m., 16 views

HTTP Upload Tool - download.php Information Disclosure

HTTP Upload Tool - download.php Information Disclosure Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sani...

7.2 AI score
Exploits: 0

Exploit DB
added 2006/11/16 12:0 a.m., 28 views

HTTP Upload Tool - 'download.php' Information Disclosure

Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the file being requested. This allows an...

7.4 AI score
Exploits: 0

NVD
added 2006/09/14 9:7 p.m., 27 views

CVE-2006-4794

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...

4.3 CVSS, 5.6 AI score, 0.0459 EPSS
Exploits: 1, References: 11

Cvelist
added 2006/09/13 11:0 p.m., 20 views

CVE-2006-4757

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) linkclass, and (4) linkid parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and th...

8.1 AI score, 0.00878 EPSS
Exploits: 0, References: 3

securityvulns
added 2006/09/04 12:0 a.m., 68 views

Sql injections in e107 [Admin section]

Hi, There are several sql injections in e107 0.7.5 admin section : I The "linkopentype", "linkrender" and "linkclass" parameters are passed to "dbInsert" function without checking : File /e107admin/links.php, Line 496 : $sql-dbInsert"links", "0, '$linkname', '$linkurl', '$linkdescription',...

2.1 AI score
Exploits: 0

Tenable Nessus
added 2006/07/11 12:0 a.m., 423 views

Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion

The remote host is running the phpBB component for Mambo, a web-based bulletin board. The version of the phpBB component for Mambo installed on the remote host fails to sanitize input to the 'phpbb_root_path' parameter of the 'download.php' and other scripts before using it to include PHP code...

6.8 CVSS, 6 AI score, 0.05111 EPSS
Exploits: 0, References: 1