97 matches found
WordPress wp-file-upload plugin code issue vulnerability (CNVD-2019-30994)
WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-file-upload is a file upload plugin used in it. A code issue vulnerability exists in the WordPress wp-file-upload plugin,...
Pluck CMS suffers from a file upload vulnerability
Pluck CMS is a content management system CMS written in php. Pluck CMS suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the web server...
The vulnerability of the imap_mail function in the PHP programming language allows a hacker to cause a service failure.
The vulnerability of the imapmail function in the PHP programming language is related to errors in handling empty strings in message arguments. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
File Upload Vulnerability in metinfo Mito System
metinfo mito system is an enterprise website management system with PHP Mysql architecture. A file upload vulnerability exists in metinfo Mito System, which can be exploited by attackers to upload arbitrary files...
Code Execution Vulnerabilities in PHP Version of Rookie Enterprise Website System Backend
Rookie enterprise website system PHP version is a PHP enterprise website system. Code execution vulnerability exists in the backend of Rookie Enterprise Website System PHP Edition. Allow attackers to execute commands and gain server privileges...
SDCMS Arbitrary Code Execution Vulnerability
SDCMS is a PHP and MySQL based enterprise station building content management system CMS from China Fireworks Network Technology Company. A security vulnerability exists in SDCMS version 1.6, which uses PHP version 5.x. The vulnerability can be exploited to execute arbitrary code by accessing the...
catfish blog cross-site scripting vulnerability
Catfish blog is a set of open source blog system developed using the PHP language . A cross-site scripting vulnerability exists in Catfish blog version 2.0.33. A remote attacker can exploit this vulnerability to inject code...
DedeCMS has information leakage vulnerability
Dream Content Management System DedeCMS is a PHP open source website management system. An information disclosure vulnerability exists in DedeCMS. An attacker can exploit the vulnerability to obtain sensitive user information that is publicly available on some websites...
Random multifunctional message board cms has XSS vulnerability
Random Multifunctional Message Board is a multifunctional message board system developed by php+MySQL. Casual multifunctional message board cms there are XSS vulnerabilities , attackers can exploit the vulnerability to obtain sensitive information such as user cookies...
MC Documentation Creator SQL Injection Vulnerability
MC Documentation Creator is a PHP document creation script . A SQL injection vulnerability exists in MC Documentation Creator. Due to poor parameter filtering in this PHP script, an attacker can exploit the vulnerability to obtain sensitive data...
PHP has an unspecified vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
UBUNTU-CVE-2015-4598
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 the GD imagepsloadfont function...
Metinfo File Inclusion Vulnerability
MetInfo is an enterprise website management system with PHP Mysql architecture. A file inclusion vulnerability exists in the MetInfo system. An attacker can exploit this vulnerability to execute arbitrary php code...
DEBIAN-CVE-2014-3587
Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerability exists becaus...
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4
waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0
waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...
PHP: resource exhaustion attack via upload requests with lots of files
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service resource exhaustion, and makes it easier for remote attackers to exploit local file inclusi...