105 matches found
CVE-2010-5091
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...
Code injection
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...
CVE-2010-5091
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...
CVE-2010-5091
The CVE-2010-5091 vulnerability affects SilverStripe 2.3.x (before 2.3.8) and 2.4.x (before 2.4.1), where the setName function in filesystem/File.php allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing an uploaded file’s extension. Root cause: in...
Powie pFile 1.01 SQL injection vulnerability
Exploit for php platform in category web applications Exploit Title: Powie pFile 1.01 SQL injection vulnerability Google Dork: inurl:pfile/file.php?id= intext:"-- pFile 1.01 OS" Date: 22/06/2012 Exploit Author: Tunisian...
Sql injection
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2012-1210
CVE-2012-1210 describes an SQL injection in Powie pFile 1.02, specifically in pfile/file.php, exploitable via the id parameter to allow remote execution of arbitrary SQL commands. The CVSS v2 base score is 7.5 (HIGH) with network access, low attack complexity, no authentication, and partial impac...
CVE-2011-2772
The CVE-2011-2772 issue affects Mahara up to version 1.4.1, where get_dataroot_image_path in lib/file.php fails to properly validate uploaded images, allowing remote attackers to trigger a denial of service through large or invalid images. Public sources (NVD, Red Hat, Debian) confirm the vulnera...
CVE-2010-1057
Phpkobo AdFreely (aka Ad Board Script) 1.01 is affected by directory traversal via LANG_CODE in common.inc.php, enabling remote inclusion/execution of local files when magic_quotes_gpc is disabled. The vulnerability affects multiple paths (codelib/cfg/, codelib/sys/, staff/, staff/app/, staff/fil...
Mongoose 2.8 Source Disclosure
Securitylab.ir Application Info: Name: mongoose Version: 2.8 Download: http://code.google.com/p/mongoose/downloads/list Vulnerability Info: Type: Remote Source Disclosure Risk: Medium Vulnerability: http://127.0.0.1/file.php%20%20%20 Discovered By: Pouya Daneshmand Website: http://securitylab.ir...
mongoose Space Character Remote File Disclosure Vulnerability
Securitylab.ir Application Info: Name: mongoose Version: 2.8 Download: http://code.google.com/p/mongoose/downloads/list Vulnerability Info: Type: Remote Source Disclosure Risk: Medium Vulnerability: http://127.0.0.1/file.php202020 Discovered By: Pouya Daneshmand Website: http://securitylab.ir...
Mongoose 2.8 - Space String Remote File Disclosure
source: https://www.securityfocus.com/bid/38145/info Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may a...
Info Fisier 1.0 XSS / SQL Injection
Author : kaozc9 + Email : [email protected] + Site : www.paradisextem.co.cc + Team : ParadisexTeam + Dork : Powered by Info Fisier. XSS: Affected Files: http://server/path/search.php...
info fisier 1.0 - Multiple Vulnerabilities
info fisier 1.0 - Multiple Vulnerabilities + Author : kaozc9 + Email : [email protected] + Site : www.paradisextem.co.cc + Team : ParadisexTeam + Dork : Powered by Info Fisier. XSS: Affected Files:...
Info Fisier 1.0 multiple Vulnerabilities
Exploit for unknown platform in category web applications Info Fisier 1.0 multiple Vulnerabilities + Dork : Powered by Info Fisier...
CVE-2009-1433
SQL injection vulnerability in File::find filesystem/File.php in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter...
CVE-2009-1433
CVE-2009-1433 affects SilverStripe before 2.3.1, with the SQL injection vulnerability located in File::find (filesystem/File.php). The underlying issue allows remote attackers to execute arbitrary SQL commands via the filename parameter. Impact is remote authentication/authorization-agnostic data...
CVE-2009-1433
SQL injection vulnerability in File::find filesystem/File.php in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter...
Studio Lounge Address Book 2.5 (profile) Shell Upload Vulnerability
No description provided by source. Address Book 2.5 profile Remote Shell Upload Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - download: http://www.studiolounge.net/2007/08/17/address-book-25 - vuln file:...
CMS Mini 0.2.2 - Remote Command Execution
--+++================================================================+++-- --+++====== CMS Mini ". "\n+ Ex. : php xpl.php localhost /CMSmini". "\n\n"; if $argc != 3 usage; $hostname = $argv 1; $path = $argv 2; $fp = fsockopen $hostname, 80; $post = "message="; $request = "POST...