3575 matches found
ImageVue 0.16.1 - dir.php Folder Permission Disclosure
(source: https://www.securityfocus.com/bid/16594/info) ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection...
Hardcoded credentials
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the...
pixelpostXSS.txt
New eVuln Advisory: Pixelpost Photoblog XSS Vulnerability http://evuln.com/vulns/45/summary.html Summary: Software: Pixelpost Photoblog Software's Web Site: http://www.pixelpost.org/ Versions: 1.4.3 Critical Level: Moderate Type: Cross-Site Scripting Class: Remo...
Toshiba Bluetooth stack directory traversal
Directory traversal in the filename allows a file to be uploaded to any location...
CVE-2006-0169
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...
SEC-20051107-0.txt
SEC-CONSULT Security Advisory 20051107-0 title: toendaCMS multiple vulnerabilities program: toendaCMS vulnerable version: .xml, where is string composed of 5 bytes e.g. 2ac336ff0d.xml. Each XML file contains username...
[Full-disclosure] SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilities
SEC-CONSULT Security Advisory 20051107-0 title: toendaCMS multiple vulnerabilities program: toendaCMS vulnerable version: 0.6.2 homepage: www.toenda.com found: 2005-10-25 by: Bernhard Mueller / SEC-CONSULT /...
php POST file uploads
The remote host is running a version of PHP earlier than 4.1.2. There are several flaws in how PHP handles multipart/form-data POST requests, any one of which can allow an attacker to gain remote access to the system. OpenVAS Vulnerability Test $Id: phpsplitmime.nasl 8023 2017-12-07 08:36:26Z...
PHP < 4.1.2 POST File Uploads Vulnerabilities - Active Check
There are several flaws in how PHP handles multipart/form-data POST requests, any one of which can allow an attacker to gain remote access to the system. SPDX-FileCopyrightText: 2002 Thomas Reinke Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2005-3102
The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root...
CVE-2005-3041
Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."...
CVE-2005-3041
CVE-2005-3041 concerns Opera for Windows versions before 8.50. The issue is a drag‑and‑drop vulnerability described as an unspecified flaw that enables unintentional file uploads. The NVD entry lists a base score of 5.0 (Medium) with network attack vector, low complexity, and partial integrity im...
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...
pwpphp122.txt
PwsPHP v1.2.2 Final - Multiples vulnerabilities. VULNERABLE PRODUCT: Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples...
PT-2005-2838 · Yapig · Yapig
Name of the Vulnerable Software and Affected Versions: YaPiG versions 0.92b through 0.94u Description: The issue concerns the upload.php file in YaPiG, which does not properly restrict the file extension for uploaded image files. This allows remote attackers to upload arbitrary files and execute...
PwsPHP v1.2.2 Final - Multiples vulnerabilities
PwsPHP v1.2.2 Final - Multiples vulnerabilities. VULNERABLE PRODUCT: Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples...
paFileDB <= 3.1 Multiple Vulnerabilities (2)
The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues...
browserDisclose.txt
Multi browser sensitive information disclosure I. DESCRIPTION: Mr. upken disclosed this issue publicly on 19th Feb. 2005. Here is his advisory (the language is Japanese): http://xxx.upken.jp/report/ieup/ I have a few additional details to add to his original advisory. II. IMPACT: Disclosure of sensitive...