1622 matches found

Prion
added 2007/07/03 8:30 p.m., 16 views

Unrestricted file upload

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal...

CVSS 6.5, AI score 7.5, EPSS 0.01689
Exploits 0, References 2, Affected Software 2

UbuntuCve
added 2007/07/03 8:30 p.m., 21 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 6.2, EPSS 0.01689
Exploits 0, References 1

NVD
added 2007/07/03 8:30 p.m., 9 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 7, EPSS 0.01689
Exploits 0, References 5

Debian CVE
added 2007/07/03 8:0 p.m., 17 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 5.8, EPSS 0.01689
Exploits 0

CVE
added 2007/07/03 8:0 p.m., 46 views

CVE-2007-3544

CVE-2007-3544 describes an unrestricted file upload in WordPress 2.2.1 and WordPress MU 1.2.3 affecting (1) wp-app.php and (2) app.php. The issue allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, with possible linkage to the wp_postmeta table and ...

CVSS 6.5, AI score 7.3, EPSS 0.01234
Exploits 0, References 2, Affected Software 2

CVE
added 2007/07/03 8:0 p.m., 54 views

CVE-2007-3543

CVE-2007-3543 involves an Unrestricted file upload vulnerability in WordPress up to version 2.2.1 and WordPress MU up to 1.2.3. The flaw allows a remote authenticated user to upload and execute arbitrary PHP code by creating a post with a .php filename in the _wp_attached_file metadata field and ...

CVSS 6, AI score 7, EPSS 0.01689
Exploits 0, References 5, Affected Software 2

Prion
added 2007/06/27 12:30 a.m., 17 views

Unrestricted file upload

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

CVSS 7.5, AI score 8, EPSS 0.08065
Exploits 0, References 4, Affected Software 1

Prion
added 2007/06/27 12:30 a.m., 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

CVSS 6.8, AI score 8, EPSS 0.04775
Exploits 0, References 5, Affected Software 1

Prion
added 2007/06/27 12:30 a.m., 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the diredgelang parameter...

CVSS 6.8, AI score 8, EPSS 0.8397
Exploits 1, References 8, Affected Software 1

NVD
added 2007/06/27 12:30 a.m., 13 views

CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

CVSS 7.5, AI score 7.5, EPSS 0.08065
Exploits 0, References 4

Cvelist
added 2007/06/27 12:0 a.m., 15 views

CVE-2007-3429

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

AI score 7.5, EPSS 0.04775
Exploits 0, References 5

Cvelist
added 2007/06/27 12:0 a.m., 14 views

CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

AI score 7.5, EPSS 0.08065
Exploits 0, References 4

Prion
added 2007/06/26 5:30 p.m., 12 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVSS 7.5, AI score 8.1, EPSS 0.06345
Exploits 0, References 5, Affected Software 1

NVD
added 2007/06/26 5:30 p.m., 8 views

CVE-2007-3403

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVSS 7.5, AI score 7.5, EPSS 0.06345
Exploits 0, References 5

seebug.org
added 2007/06/23 12:0 a.m., 11 views

Powl 0.94 (htmledit.php) Remote File Inclusion Vulnerability

No description provided by source. !/usr/bin/perl POWL - 0.94 - Remote File Inclusion Exploit Url: http://switch.dl.sourceforge.net/sourceforge/powl/powlontowiki-0.94.zip Exploit: http://site.com/path/plugins/widgets/htmledit/htmledit.php?POWLinstallPath=EvilScript: coded and f0und3d by kw3rln...

AI score 7.1
Exploits 0

Prion
added 2007/06/22 6:30 p.m., 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myeventpath parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class...

CVSS 7.5, AI score 7.8, EPSS 0.01019
Exploits 0, References 3, Affected Software 1

Cvelist
added 2007/06/21 6:0 p.m., 18 views

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

AI score 7.3, EPSS 0.84288
Exploits 1, References 4

Prion
added 2007/06/21 1:30 a.m., 9 views

Code injection

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message...

CVSS 7.5, AI score 8.1, EPSS 0.00877
Exploits 0, References 5, Affected Software 1

Cvelist
added 2007/06/21 12:38 a.m., 13 views

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message...

AI score 7.6, EPSS 0.00877
Exploits 0, References 5

NVD
added 2007/06/20 9:30 p.m., 11 views

CVE-2007-3292

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...

CVSS 7.5, AI score 7.6, EPSS 0.06244
Exploits 0, References 4