Lucene search
K

83 matches found

Prion
Prion
added 2015/04/29 10:59 p.m.12 views

Design/Logic Flaw

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

6.5CVSS7.9AI score0.06053EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/04/29 10:0 p.m.23 views

CVE-2015-3458

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

7.4AI score0.06053EPSS
Exploits1References4
NVD
NVD
added 2013/03/14 3:13 a.m.19 views

CVE-2013-1468

Cross-site request forgery CSRF vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

7.6CVSS7.1AI score0.05726EPSS
Exploits10References9
Tenable Nessus
Tenable Nessus
added 2009/09/14 12:0 a.m.34 views

GLSA-200909-14 : Horde: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200909-14 Horde: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Horde: Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the 'HordeImage...

6.4CVSS6AI score0.41263EPSS
Exploits11References6
NVD
NVD
added 2008/10/28 10:30 a.m.35 views

CVE-2008-4769

Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...

9.3CVSS7.3AI score0.08974EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2008/10/28 10:30 a.m.19 views

CVE-2008-4769

Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...

9.3CVSS6.1AI score0.08974EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2008/10/28 10:0 a.m.32 views

CVE-2008-4769

Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...

9.3CVSS7.2AI score0.08974EPSS
Exploits1
Prion
Prion
added 2008/05/21 1:24 p.m.18 views

Unrestricted file upload

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...

9CVSS7.5AI score0.04279EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2008/05/21 12:0 a.m.15 views

WordPress <= 2.5.1 - Unrestricted file upload

Because of this vulnerability, the authenticated administrators can upload and execute arbitrary PHP files via the Upload section. Solution Update WordPress...

9CVSS5.8AI score0.04279EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2008/04/27 9:0 p.m.18 views

CVE-2008-1988

Unrestricted file upload vulnerability in the fileupload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file...

6.8AI score0.02585EPSS
Exploits0References3
Prion
Prion
added 2008/03/25 7:44 p.m.18 views

Unrestricted file upload

Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by 1 image/gif and 2 application/pdf...

6.5CVSS7.6AI score0.02003EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2008/03/25 7:0 p.m.24 views

CVE-2008-1495

Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by 1 image/gif and 2 application/pdf...

7.1AI score0.02003EPSS
Exploits1References5
NVD
NVD
added 2007/08/31 11:17 p.m.24 views

CVE-2007-4640

Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action...

6.4CVSS7.5AI score0.02431EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/08/31 11:0 p.m.22 views

CVE-2007-4640

Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action...

7.5AI score0.02431EPSS
Exploits0References5
NVD
NVD
added 2007/08/31 12:17 a.m.23 views

CVE-2007-4610

Unrestricted file upload vulnerability in config/upload.php in Moonware aka Dale Mooney Gallery allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php...

6.8CVSS7.5AI score0.01202EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/08/31 12:0 a.m.22 views

CVE-2007-4610

Unrestricted file upload vulnerability in config/upload.php in Moonware aka Dale Mooney Gallery allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php...

7.5AI score0.01202EPSS
Exploits0References5
CVE
CVE
added 2007/05/31 11:0 p.m.37 views

CVE-2007-2961

CVE-2007-2961 concerns an Unrestricted file upload vulnerability in FileCloset before 1.1.5. The issue allows remote attackers to upload arbitrary PHP files via unspecified vectors. The NVD entry records a CVSSv2 base score of 7.5 (HIGH) with network attack vector and no authentication required; ...

7.5CVSS7AI score0.0161EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/05/09 5:0 p.m.36 views

CVE-2007-0609

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. dot dot in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...

7.1AI score0.07506EPSS
Exploits2References9
Prion
Prion
added 2007/05/02 12:19 a.m.13 views

Directory traversal

shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...

7.8CVSS7.4AI score0.03702EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/05/02 12:19 a.m.17 views

CVE-2007-2430

shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...

7.8CVSS6.9AI score0.03702EPSS
Exploits0References7
Rows per page
Query Builder