SPAW Editor 2.0.8.1 - Local File Inclusion

Exploit Title: local file include Date: Author: soorakh kos Software Link: http://sourceforge.net/projects/spaw/files/spaw-php/SPAW%20PHP%20v.2.0.8.1/spaw-php-2081-gpl.zip/download Version: SPAW Editor v.2 Thanks: kose roya , kose soosan , kose amam,kose dokhtar amam ,and all jaghi iranian boys...

Directory traversal

Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the 1 lang, 2 theme, and 3 module parameters...

CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access

CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit this issue to delete...

CONTENTCustomizer 3.1 - 'Dialog.php' Unauthorized Access

source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit this issue to delete arbitrary files, rename files, or reset the content of...

CVE-2007-5817

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a 1 del, 2 delbackup, 3 res, or 4 ren action. NOTE: this issue can be leveraged to conduct cross-site scripting XSS and possibly other attacks...

CVE-2007-5816

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page...

CVE-2007-5816

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page...

CVE-2007-5817

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a 1 del, 2 delbackup, 3 res, or 4 ren action. NOTE: this issue can be leveraged to conduct cross-site scripting XSS and possibly other attacks...

CVE-2007-5817

CVE-2007-5817 affects CONTENTCustomizer 3.1mp and earlier. The issue allows remote attackers to perform certain privileged actions via (1) del, (2) delbackup, (3) res, or (4) ren actions, and it can be leveraged to perform cross-site scripting (XSS) and possibly other attacks. Connected sources c...

CONTENTCustomizer 3.1 - Dialog.php Information Disclosure

CONTENTCustomizer 3.1 - Dialog.php Information Disclosure source: https://www.securityfocus.com/bid/26291/info CONTENTCustomizer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks...