Lucene search

1978 matches found

seebug.org
added 2014/07/01 12:0 a.m., 18 views

osCommerce 2.2 Arbitrary PHP Code Execution

No description provided by source. $Id: oscommercefilemanager.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Double Choco Latte 0.9.3/0.9.4 main.php Arbitrary PHP Code Execution

No description provided by source. source: http://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

PHPBook 1.x Mail Field PHP Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mail field:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

PHPWebNotes 2.0 Api.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14679/info phpWebNotes is prone to a remote file include vulnerability. phpWebNotes is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplie...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 10 views

DDLCMS 2.1 - (skin) Remote File Inclusion Vulnerability

No description provided by source. DDLCMS v2.1 skin Remote File Inclusion Vulnerability ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 33 views

Coppermine Photo Gallery 1.4.10 Multiple Remote And Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/22409/info Coppermine Photo Gallery is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to execute arbitra...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Gravity Board X 1.1 CSS Template Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

mcGalleryPRO <= 2006 (path_to_folder) Remote Include Vulnerability

No description provided by source. SolpotCrew Community Mcgallerypro path_to_folder Remote File Inclusion Download file: http://phpforums.net/mcgp/mcgp.zip/mcgp.zip Bug Found By: Solpot a.k.a k. Hasibuan 10-09-2006 contact: [email protected] Website:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

LS Simple Guestbook 1.0 - Remote Code Execution Vulnerability

No description provided by source. Special Greetings To - Timq, Warpboy, The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: LS simple guestbook fails to sanitize user input...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 41 views

Laurent Adda Les Commentaires 2.0 PHP Script derniers_commentaires.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit

No description provided by source. <?php /* phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit. author: EgiX...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Magic News Plus 1.0.2 n_layouts.php link_parameters Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 77 views

Serendipity <= 1.0.3 (comment.php) Local File Include Exploit

No description provided by source. ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19933/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Laurent Adda Les Commentaires 2.0 PHP Script fonctions.lib.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

WordPress Front End Upload 0.5.4.4 - Arbitrary PHP File Upload

No description provided by source. Exploit Title: WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload Vulnerability Date: 7/23/12 Exploit Author: Chris Kellum Vendor Homepage: http://mondaybynoon.com/ Software Link: http://downloads.wordpress.org/plugin/front-end-upload.0.5.4.4.zip...

AI score: 7.1
Exploits: 0

NVD
added 2014/06/11 2:55 p.m., 40 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS: 6, AI score: 7.2, EPSS: 0.00829
Exploits: 2, References: 6

Prion
added 2014/06/11 2:55 p.m., 23 views

Input validation

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS: 6, AI score: 7.8, EPSS: 0.00829
Exploits: 2, References: 6, Affected Software: 1

UbuntuCve
added 2014/06/11 2:55 p.m., 30 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS: 6, AI score: 6.2, EPSS: 0.00829
Exploits: 2, References: 1