miniCMS v1.0 => v2.0 Arbitrary File Upload
Exploit for php platform in category web applications Title : miniCMS v1.0 = v2.0 Arbitrary File Upload Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMSŠ" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks :...
29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability
Description: Some vulnerabilities have been discovered in 2903 CMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "CONFIGLibDir" parameter in multiple files is not properly verified before being used to include files. This can be exploited to...
[SA14416] CubeCart Cross-Site Scripting Vulnerabilities
[SA13933] Ghostscript Various Scripts Insecure Temporary File Creation
TITLE: Ghostscript Various Scripts Insecure Temporary File Creation SECUNIA ADVISORY ID: SA13933 VERIFY ADVISORY: http://secunia.com/advisories/13933/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Ghostscript 8.x http://secunia.com/product/4550/ DESCRIPTION:...
CVE-2004-2108
Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp...
Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate...
BES-CMS 0.40.5 - message.php File Inclusion
source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...
BES-CMS 0.40.5 - membersindex.inc.php File Inclusion
source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a...
BES-CMS 0.4/0.5 - 'index.inc.php' File Inclusion
source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the...
Caucho Resin 2.02.1 - Multiple HTML Injection Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/8852/info It has been reported that Caucho Resin is prone to multiple HTML Injection and cross-site scripting vulnerabilities in various scripts that may allow a remote...
Majordomo 1.94.4/1.94.5 - Local -C Parameter (1)
source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other scripts when run with the setuid ro...