Lucene search

1978 matches found

NVD
added 2007/07/21 12:30 a.m., 19 views

CVE-2007-3932

uploadimg.php in the Expose RC35 and earlier com_expose component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder...

CVSS 7.5, AI score 7.5, EPSS 0.06331
Exploits: 0, References: 5
CVE
added 2007/07/21 12:00 a.m., 71 views

CVE-2007-3932

CVE-2007-3932 affects the Joomla! Expose component (RC35 and earlier, com_expose) via uploadimg.php. The code fails to exit after detecting non‑JPEG uploads, enabling an unauthenticated attacker to upload and execute arbitrary PHP in the img/ folder (remote code execution). This is supported by t...

CVSS 7.5, AI score 7.5, EPSS 0.06331
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2007/07/05 8:30 p.m., 10 views

Code injection

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a score.txt file via the score parameter, or (2) a setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php...

CVSS 7.5, AI score 8, EPSS 0.02312
Exploits: 1, References: 4, Affected Software: 1
Prion
added 2007/07/03 8:30 p.m., 18 views

Unrestricted file upload

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal...

CVSS 6.5, AI score 7.5, EPSS 0.01769
Exploits: 0, References: 2, Affected Software: 2
UbuntuCve
added 2007/07/03 8:30 p.m., 32 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 6.2, EPSS 0.01649
Exploits: 0, References: 1
NVD
added 2007/07/03 8:30 p.m., 15 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 7, EPSS 0.01649
Exploits: 0, References: 5
CVE
added 2007/07/03 8:00 p.m., 48 views

CVE-2007-3544

CVE-2007-3544 describes an unrestricted file upload in WordPress 2.2.1 and WordPress MU 1.2.3 affecting (1) wp-app.php and (2) app.php. The issue allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, with possible linkage to the wp_postmeta table and ...

CVSS 6.5, AI score 7.3, EPSS 0.01769
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2007/07/03 8:00 p.m., 56 views

CVE-2007-3543

CVE-2007-3543 involves an Unrestricted file upload vulnerability in WordPress up to version 2.2.1 and WordPress MU up to 1.2.3. The flaw allows a remote authenticated user to upload and execute arbitrary PHP code by creating a post with a .php filename in the _wp_attached_file metadata field and ...

CVSS 6, AI score 7, EPSS 0.01649
Exploits: 0, References: 5, Affected Software: 2
Debian CVE
added 2007/07/03 8:00 p.m., 18 views

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, alo...

CVSS 6, AI score 5.8, EPSS 0.01649
Exploits: 0
Prion
added 2007/06/27 12:30 a.m., 15 views

Unrestricted file upload

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

CVSS 6.8, AI score 8, EPSS 0.02069
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2007/06/27 12:30 a.m., 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the diredgelang parameter...

CVSS 6.8, AI score 8, EPSS 0.70717
Exploits: 1, References: 8, Affected Software: 1
Prion
added 2007/06/27 12:30 a.m., 19 views

Unrestricted file upload

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

CVSS 7.5, AI score 8, EPSS 0.08176
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2007/06/27 12:30 a.m., 14 views

CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

CVSS 7.5, AI score 7.5, EPSS 0.08176
Exploits: 0, References: 4
Cvelist
added 2007/06/27 12:00 a.m., 15 views

CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

AI score 7.5, EPSS 0.08176
Exploits: 0, References: 4
Cvelist
added 2007/06/27 12:00 a.m., 16 views

CVE-2007-3429

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

AI score 7.5, EPSS 0.02069
Exploits: 0, References: 5
Prion
added 2007/06/26 5:30 p.m., 12 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVSS 7.5, AI score 8.1, EPSS 0.02511
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2007/06/26 5:30 p.m., 14 views

CVE-2007-3403

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVSS 7.5, AI score 7.5, EPSS 0.02511
Exploits: 0, References: 5
seebug.org
added 2007/06/23 12:00 a.m., 12 views

Powl 0.94 (htmledit.php) Remote File Inclusion Vulnerability

No description provided by source. !/usr/bin/perl POWL - 0.94 - Remote File Inclusion Exploit Url: http://switch.dl.sourceforge.net/sourceforge/powl/powlontowiki-0.94.zip Exploit: http://site.com/path/plugins/widgets/htmledit/htmledit.php?POWLinstallPath=EvilScript: coded and f0und3d by kw3rln...

AI score 7.1
Exploits: 0
Prion
added 2007/06/22 6:30 p.m., 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myeventpath parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class...

CVSS 7.5, AI score 7.8, EPSS 0.01348
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2007/06/21 6:00 p.m., 25 views

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

AI score 7.3, EPSS 0.64362
Exploits: 1, References: 4