18 matches found
EUVD-2007-5285
Malware in sbrugna...
EUVD-2007-5287
Malware in sbrugna...
EUVD-2007-5284
Malware in sbrugna...
EUVD-2007-5286
Malware in sbrugna...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e)...
CVE-2007-5304
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3)...
CVE-2007-5307
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3)...
Command injection
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
CVE-2007-5306
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php...
CVE-2007-5304
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3)...
CVE-2007-5306
ELSEIF CMS Beta 0.6 is affected. The vulnerability allows remote attackers to obtain sensitive information (the full file path) via unspecified vectors to utilisateurs/votesresultats.php. The available sources state the affected software and the exposure but do not specify the root cause details, affect...
CVE-2007-5305
ELSEIF CMS Beta 0.6 has multiple PHP remote file inclusion vulnerabilities (CVE-2007-5305). An attacker can trigger arbitrary PHP code execution by supplying a URL in specific parameters: the contenus parameter to contenus.php; the tpelseifportalrepertoire parameter to votes.php, espaceperso.php,...
CVE-2007-5307
Technical details about CVE-2007-5307 are not publicly available in the provided connected documents. Please monitor for updates on affected software, impact and remediation.
CVE-2007-5307
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
CVE-2007-5304
CVE-2007-5304 affects ELSEIF CMS Beta 0.6. The vulnerability is multiple cross-site scripting (XSS) weaknesses that allow remote attackers to inject arbitrary web script or HTML via three parameters in PHP scripts: repertimage (utilisateurs/vousetesbannis.php), elseifvotetxtresultatduvote (utilis...
CVE-2007-5305
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e)...
elseif-rfi.txt
Hello, ELSEIF CMS Tested on "Else If version Beta 0.6" Discovered By : HACKERS PAL Copyright : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] These Are Examples .. I am tired of fetching the injected files : Remote File inclusion elseif/contenus.php?contenus=Shell...