Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

Improper file handling in concrete5/core

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored ...

WordPress plugins wp-catpro arbitrary file upload-vulnerability warning-the black bar safety net

----------------------------------------------------------------------- Wordpress plugins - wp-catpro Arbitrary File Upload Vulnerability ----------------------------------------------------------------------- Author = Zikou-1 6 Mailbox = [email protected] Test System : Windows 7 , Backtrack 5r3...

Wordpress plugins powerzoomer Arbitrary File Upload Vulnerability

The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...