279 matches found
Mini File Host 1.2.1 - 'language' Local File Inclusion
!/usr/bin/perl Name: Mini File Host 1.2.1 "Security Fixed release" and earlier Vulnerability type: Local File Inclusion through POST requests pages/upload.php Authors: Scary-Boys: original GET-vulnerability, 2008-01-17 shinmai: POST-request vulnerability in latest version perl POC, 2008-01-19...
Mini File Host 1.2 (upload.php language) LFI Vulnerability
Exploit for unknown platform in category web applications. Mini File Host 1.2 upload.php language LFI Vulnerability. Mini File Host = 1.2 Local File Inclusion Vulnerability AUTHOR :...
CVE-2003-1489
Affected software: Truegalerie 1.0. Vulnerable component/flow: upload.php and the file cookie mechanism in form.php, which lets an attacker specify a target filename to read arbitrary files via the image gallery download path. Root cause: handling of filename via a file cookie without proper acce...
CVE-2007-5307
Technical details about CVE-2007-5307 are not publicly available in the provided connected documents. Please monitor for updates on affected software, impact and remediation.
WordPress <= 2.2.1 - XSS
Because of this vulnerability in the wp-admin/includes/upload.php, the attackers can inject arbitrary web script or HTML via the "style" parameter. Solution Update WordPress...
CVE-2007-3403
Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...
DreamLog 0.5 (upload.php) Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications. DreamLog 0.5 upload.php Arbitrary File Upload Exploit...
phpcms 3.0.0 File Upload Vulnerability
Vulnerable files: ads/upload.php, uppic.php. require PHPCMSROOT."/class/upload.php"; if!$userid message"请您先登录或注册!" , PHPCMSPATH."member/login.php"; if$extid==1 $upfiletype= "jpg|png|gif"; elseif $extid==2 $upfiletype= "swf"; if$action=='upload' $fileArr = array 'file'=$uploadfile, 'name'=$uploadfilename,...
contentnow-130-2.txt
ContentNow Directory Traversal (upload.php) vulnerability. By: Timq - http://securitydb.org - Team Root-Shell - Email: timqathushmail.com. It appears that it is possible to view any files on a system via 'upload.php'...
ContentNow 1.30 (upload/xss) Multiple Remote Vulnerabilities
No description provided by source. ContentNow Directory Traversal (upload.php) vulnerability. By: Timq - http://securitydb.org - Team Root-Shell - Email: timqathushmail.com. It appears that it is possible to view any...
CVE-2006-5844
Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions and (2) searchText parameters in (a) index.php, and (b) a direct request to upload.php without any parameters...
Speedwiki 2.0 Arbitrary File Upload Vulnerability
Product: Speedwiki 2.0. Vendor site: http://speedywiki.sourceforge.net/. Risk: critical. A user logged in can upload a PHP script on the server by the upload script; there's actually no upload filter on this CMS. Path: /speedywiki/index.php?upload=1 xss get :...
CVE-2006-5411
The CVE-2006-5411 entry concerns an unrestricted file upload in Free Web Publishing System (FreeWPS) via upload.php, potentially affecting version 2.11 and earlier. Remote attackers could upload and execute arbitrary PHP programs. The vulnerability enables partial confidentiality, integrity, and ...
FreeWPS 2.11 - 'upload.php' Remote Command Execution
source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version 2.11 is vulnerable to this issue; other versions m...
CVE-2006-2529
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...
CVE-2006-1704
Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php...
MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
CVE-2006-0702
The provided connected Nessus entry confirms a concrete vulnerability in imageVue: versions prior to 16.2 allow unauthenticated remote upload of arbitrary files via admin/upload.php, effectively enabling code execution under the web server’s user context. The issue is described as an unrestricted...
CVE-2005-1884
Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter...