Lucene search

9 matches found

Positive Technologies
added 2026/04/10 12:0 a.m. | 1 views

PT-2026-32019

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38. Description: Chamilo LMS is a learning management system. Authenticated users, including students, can write arbitrary content to files on the server through the BigUpload endpoint. The key parameter contro...

CVSS 7.1 | AI score 6 | EPSS 0.00305
Exploits: 0 | References: 5
RedhatCVE
added 2025/02/05 9:1 p.m. | 7 views

CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk = 2.1.0p6, Checkmk = 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

CVSS 8.8 | AI score 7.6 | EPSS 0.003
Exploits: 0 | References: 1
Packet Storm
added 2015/11/16 12:0 a.m. | 21 views

dotclear 2.8.1 Shell Upload

Security Advisory - Curesec Research Team 1. Introduction Affected Product: dotclear 2.8.1 Fixed in: 2.8.2 Fixed Version Link: http://download.dotclear.org/latest.zip Vendor Website: http://dotclear.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015...

Exploits: 0
Tenable Nessus
added 2010/07/01 12:0 a.m. | 11 views

Fedora 11 : wordpress-mu-2.8.6-1.fc11 (2009-12547)

Update to 2.8.6; a couple of security fixes including 1 XSS bug and some additional protections against certain permissive apache configurations Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

AI score 5.4
Exploits: 0 | References: 1
OpenVAS
added 2009/11/13 12:0 a.m. | 188 views

WordPress 'wp-admin/includes/file.php' Arbitrary File Upload Vulnerability

WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

CVSS 6 | AI score 6.5 | EPSS 0.10487
Exploits: 0 | References: 3
Tenable Nessus
added 2008/12/08 12:0 a.m. | 37 views

FreeBSD : php -- multiple vulnerabilities (27d01223-c457-11dd-a721-0030843d3802)

Secunia reports: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. An input validation error exists within the 'ZipArchive::extractTo'...

CVSS 7.5 | AI score 7.7 | EPSS 0.16468
Exploits: 6 | References: 8
FreeBSD
added 2008/12/04 12:0 a.m. | 45 views

php -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. An input validation error exists within the "ZipArchive::extractTo"...

CVSS 7.5 | AI score 7.1 | EPSS 0.16468
Exploits: 6 | References: 5
Prion
added 2006/06/06 12:2 a.m. | 19 views

Code injection

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...

CVSS 7.5 | AI score 7.7 | EPSS 0.15943
Exploits: 0 | References: 7 | Affected Software: 1
Drupal
added 2006/05/24 12:0 a.m. | 25 views

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you. This line references SA2006006 to lead Apache administrator...

AI score 7.2
Exploits: 0 | References: 3