Lucene search
K

83 matches found

Cvelist
Cvelist
added 2007/05/02 12:0 a.m.20 views

CVE-2007-2430

shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...

6.9AI score0.03702EPSS
Exploits0References7
CVE
CVE
added 2007/05/02 12:0 a.m.59 views

CVE-2007-2430

CVE-2007-2430 affects TCExam 4.0.011 and earlier. The vulnerability is in shared/code/tce_tmx.php, where an attacker can create arbitrary PHP files in cache/ by placing crafted content and directory-traversal data into a SessionUserLang cookie that is processed by public/code/index.php. This indi...

7.8CVSS6.9AI score0.03702EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2007/04/13 6:19 p.m.20 views

Unrestricted file upload

Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a 1 php3, 2 php4, or 3 php5 extension...

6.8CVSS6.9AI score0.03279EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2007/04/13 6:19 p.m.22 views

CVE-2007-2024

Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a 1 php3, 2 php4, or 3 php5 extension...

6.8CVSS6AI score0.03279EPSS
Exploits0References1
NVD
NVD
added 2007/04/13 6:19 p.m.24 views

CVE-2007-2024

Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a 1 php3, 2 php4, or 3 php5 extension...

6.8CVSS6.7AI score0.03279EPSS
Exploits0References11
Cvelist
Cvelist
added 2006/12/07 1:0 a.m.20 views

CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...

6.5AI score0.01152EPSS
Exploits0References3
Prion
Prion
added 2006/06/07 12:2 a.m.12 views

Remote file inclusion

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the includeprefix parameter in 1 inc/dbase.php, 2 inc/config.php, 3 inc/common.php, and 4 inc/function.php. NOTE: it has been reported that the inc directory is...

7.5CVSS7.4AI score0.07605EPSS
Exploits0References11Affected Software1
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.30 views

Limbo CMS Multiple Vulnerabilities

The remote web server contains a PHP application that is affected by numerous vulnerabilities. Description : The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including : - If registerglobals is off...

7.5CVSS0.1AI score0.05245EPSS
Exploits4References8
Prion
Prion
added 2006/03/23 11:6 p.m.21 views

Design/Logic Flaw

Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...

9CVSS7.6AI score0.09395EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2006/03/23 11:6 p.m.26 views

CVE-2006-1371

Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...

9CVSS7.1AI score0.09395EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2006/03/14 2:2 a.m.20 views

CVE-2006-1219

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." dot dot sequences in the stepOrder parameter to 1 upgrade/index.php or 2 install/index.php...

5CVSS6.1AI score0.03747EPSS
Exploits0References1
CVE
CVE
added 2006/03/14 2:0 a.m.53 views

CVE-2006-1219

Vulnerability summary (CVE-2006-1219) : A directory traversal / local file inclusion flaw affects Gallery 2.0.3 and earlier, and 2.1 before RC-2a. The issue allows an attacker to cause the application to include arbitrary PHP files via dot-dot sequences in the stepOrder parameter sent to (1) upgr...

5CVSS6.9AI score0.03747EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/03/12 9:2 p.m.11 views

CVE-2006-1162

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. dot dot in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...

5.1CVSS6.8AI score0.02698EPSS
Exploits1References7
Prion
Prion
added 2006/03/12 9:2 p.m.19 views

Directory traversal

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. dot dot in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...

5.1CVSS7.3AI score0.02698EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2006/03/12 9:0 p.m.16 views

CVE-2006-1162

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. dot dot in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...

6.8AI score0.02698EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/12/21 11:0 a.m.21 views

CVE-2005-4449

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...

6.6AI score0.04719EPSS
Exploits1References5
NVD
NVD
added 2005/12/17 11:3 a.m.11 views

CVE-2005-4319

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter...

5CVSS6.9AI score0.03236EPSS
Exploits1References8
NVD
NVD
added 2005/09/20 10:3 p.m.17 views

CVE-2005-2998

PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files...

7.5CVSS7.6AI score0.01449EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.13 views

CVE-2002-1841

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4...

7.5AI score0.02157EPSS
Exploits0References5
NVD
NVD
added 2005/05/02 4:0 a.m.17 views

CVE-2005-0272

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions...

7.5CVSS7.4AI score0.02659EPSS
Exploits2References4
Rows per page
Query Builder