CVE-2007-4695
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads...
SA-2007-026 - Drupal Core - Cross site scripting via uploads
The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...
Debian DSA-1371-1 : phpwiki - several vulnerabilities
Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...
DSA-1371-1 phpwiki - several vulnerabilities
Bulletin has no description...
AuraCMS 2.1 - Remote File Attachment Local File Inclusion
AuraCMS 2.1 - Remote File Attachment - Local File Inclusion Vendor : http://www.auracms.org/ Download : http://www.auracms.org/dljump.php?id=42 Found by : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @ irc.dal.net...
AlstraSoft Template Seller Pro <= 3.25 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " AlstraSoft Template Seller Pro = 3.25 Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage:...
PhpWiki fails to properly restrict uploaded files
Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...
Design/Logic Flaw
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...
CVE-2007-0147
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...
ContentNow 1.30 (upload/xss) Multiple Remote Vulnerabilities
No description provided by source. ContentNow Directory Traversalupload.php ------------------------------------------ -vulnerability By: Timq -http://securitydb.org -Team Root-Shell -Email:timqathushmail.com ------------------------------------------ It appears that it is possible to view any...
CVE-2006-5833
gbcmsphpfiles/uploader.php in GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file...
PmWiki < 2.1.21 Global Variables Overwriting
The version of PmWiki installed on the remote host contains a programming flaw in 'pmwiki.php' that may allow an unauthenticated remote attacker to overwrite global variables used by the application, which could in turn be exploited to execute arbitrary PHP code on the affected host, subject to t...
Awareness of vulnerabilities haha-vulnerability warning-the black bar safety net
Text/SuperHei At ph4nt0m.org 2006-2-12. On 2006-02-09, milw0rm released an FCKEditor upload vulnerability [1]. FCKEditor is an online editor available in versions for multiple languages (asp, cgi, aspx, php, cfm, ...) [2], and many web systems use it. In fact, this is something o...
CVE-2006-3935
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers...
Microsoft Internet Explorer 5.5/6.0/7.0 - JavaScript Key Filtering
source: https://www.securityfocus.com/bid/18308/info Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. This issue is demonstrated to...
FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)
Secunia reports : Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...
coppermine -- Multiple File Extensions Vulnerability
Secunia reports: Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...
PT-2006-3389 · Dubanner · Dubanner
Name of the Vulnerable Software and Affected Versions: DUbanner version 3.1 Description: The issue allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, to the add.asp endpoint, probably due to client-side enforcement that can be...
Cross site scripting
E-Business Designer eBD 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/htmleditor/imagebrowser.upload.html, (2) common/htmleditor/imagebrowser.html, or (3) common/htmleditor/htmleditor.html. NOTE: this can al...