497 matches found
pluck-lfi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: Pluck Local File inclusion Vendor: http://www.pluck-cms.org Bug: Local File Inclusion Vulnerable Version: 4.5.1 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: Pluck is a content management...
Pluck Local File inclusion
www.BugReport.ir AmnPardaz Security Research Team Title: Pluck Local File inclusion Vendor: http://www.pluck-cms.org Bug: Local File Inclusion Vulnerable Version: 4.5.1 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: Pluck is a content management...
Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)
Exploit for unknown platform in category web applications ==================================================================== Pluck 4.5.1 blogpost Local File Inclusion Vulnerability win only ==================================================================== AmnPardaz Security Research Team...
Pluck CMS 4.5.1 (Windows) - blogpost Local File Inclusion
Pluck CMS 4.5.1 Windows - blogpost Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: Pluck Local File inclusion Vendor: http://www.pluck-cms.org Bug: Local File Inclusion Vulnerable Version: 4.5.1 prior versions also may be affected Exploitation: Remote with browser Fi...
Pluck CMS 4.5.1 (Windows) - 'blogpost' Local File Inclusion
www.BugReport.ir AmnPardaz Security Research Team Title: Pluck Local File inclusion Vendor: http://www.pluck-cms.org Bug: Local File Inclusion Vulnerable Version: 4.5.1 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: Pluck is a content management...
Directory traversal
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to read arbitrary local files via a .. dot dot in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argume...
Remote file inclusion
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...
CVE-2007-4181
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...
CVE-2007-4180
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to read arbitrary local files via a .. dot dot in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argume...
CVE-2007-4180
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to read arbitrary local files via a .. dot dot in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argume...
CVE-2007-4181
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...
CVE-2007-4181
Pluck 4.3 is affected by a reported PHP remote file inclusion in data/inc/theme.php when register_globals is enabled, potentially allowing arbitrary PHP code execution via a dir parameter. The core dispute in the public records notes that the vulnerable include occurs inside a function that does ...
CVE-2007-4180
Affects Pluck 4.3: directory traversal in data/inc/theme.php via the file parameter (..), exploitable when register_globals is enabled. The claim is that remote reading of local files is possible, but the note across sources indicates this vulnerability is disputed because the code uses a fixed a...
pluck-rfi.txt
Aria-Security Team Pluck 4.3 Remote File Inclusion Vendor: http://www.pluck-cms.org/ /path/data/inc/theme.php if Registerglobal was set as ON then we can use the $dir variable for RFI isfile$dir."/".$file $files=$file; else $dirs=$dir."/".$file; if$dirs foreach $dirs as $dir include...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3 Description: The issue allows remote attackers to potentially read arbitrary local files via a .. dot dot in the file parameter in the data/inc/theme.php file when register globals is enabled. However, it's noted that the co...
PT-2007-5376 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter when register globals is enabled. However, a reliable third party disputes this vulnerability, stating that the...
Pluck 4.3 themes.php Remote File Inclusion and disclosure
Aria-Security Team Pluck 4.3 Remote File Inclusion Vendor: http://www.pluck-cms.org/ /path/data/inc/theme.php if Registerglobal was set as ON then we can use the $dir variable for RFI isfile$dir."/".$file $files=$file; else $dirs=$dir."/".$file; if$dirs foreach $dirs as $dir include...