724 matches found
Wordpress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability
Exploit for unknown platform in category web applications. Wordpress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability. AUTHOR : H-T TeaM HouSSaMix ToXiC350 Script :...
CVE-2003-1460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information...
CVE-2003-1460
The vulnerability CVE-2003-1460 affects Worker Filemanager 1.0–2.7. During copy operations, the destination directory is left with world-readable and executable permissions, enabling local users to obtain sensitive information. The root cause is a mis-set filesystem permission during copy. Impac...
CVE-2007-5146
Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in...
CVE-2007-5146
CVE-2007-5146 affects dedi-group Der Dirigent 1.0. Multiple PHP remote file inclusion vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to: inc.generate_code.php, fnc.type_forms.php, fnc.type.php (backend/inc/), frontend.php or backend.php (p...
Input validation
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...
CVE-2007-3163
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...
CVE-2007-3163
The connected records identify CVE-2007-3163 as an incomplete blacklist vulnerability in Frederico Caldeira Knabben’s FCKeditor, specifically in the filemanager/upload/php/upload.php component. With FCKeditor 2.4.2, remote attackers can upload and subsequently execute arbitrary PHP code by supply...
CVE-2007-3163
Removed by vendor...
PT-2007-4446 · Freddie Chung · Ckeditor
Name of the Vulnerable Software and Affected Versions: FCKeditor version 2.4.2 Description: The issue is related to an incomplete blacklist vulnerability in the filemanager component. This allows remote attackers to upload arbitrary .php files using an alternate data stream syntax, such as...
CVE-2007-1638
Multiple cross-site request forgery (CSRF) vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search...
Code injection
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors...
CVE-2007-0252
Technical details (affected product/version, vectors, exploitability) are not provided in the supplied documents. Monitor for updates; no public details are available here.
CVE-2007-0252
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors...
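Knusperleicht FileManager DWL_Download Remote File Inclusion Vulnerability
Knusperleicht FileManager is a PHP-based music management program. Knusperleicht FileManager does not properly filter user-supplied URI data, and remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the script does not filter the user-supplied "dwldownloadpat" and "dwlincludepath" parameters; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Knusperleicht FileManager http://knusperleicht.at/index.php?knuspi=phpecke...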
UNAK-CMS 1.5 - 'dirroot' Remote File Inclusion
UNAK-CMS = v1.5 dirroot Remote File Inclusion Exploit. Critical Level : Dangerous Vendor site :...
filemanagerrem.txt
Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : FileManager Site : http://www.knusperleicht.at Code : $dwldownloadpath = "downloads"; $dwlincludepath = "dwl/";...
quickie.txt
Kurdish Security Quickie Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack &...
CVE-2006-3987
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwldownloadpath or (2) dwlincludepath parameters...
CVE-2006-3987
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwldownloadpath or (2) dwlincludepath parameters...