CVE-2008-6768

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/...

CVE-2008-6769

Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

Unrestricted file upload

Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVE-2008-6769

Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

Unrestricted file upload

Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/...

CVE-2009-1446

Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details ar...

CVE-2008-6731

CVE-2008-6731 describes an unrestricted file upload vulnerability in submitlink.php of FlexPHPLink Pro 0.0.7 . An attacker can upload a file with an executable extension and then access the renamed file under the linkphoto/ path to execute arbitrary PHP code remotely. The vulnerability stems from...

CVE-2009-1314

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension...

CVE-2008-6684

Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in MemberAdmin/logo/...

Unrestricted file upload

Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/...

Unrestricted file upload

Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/...

CVE-2008-6584

html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the urlupload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory...

Unrestricted file upload

Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are...

CVE-2008-6568

CVE-2008-6568 refers to an unrestricted file upload vulnerability in Yehe 2.0. An attacker can upload a file with an executable extension and trigger code execution by accessing that file through the envoyer feature. The core issue is improper validation of uploaded content, enabling remote code ...

CVE-2008-6367

Unrestricted file upload vulnerability in Photos/createalbum.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Memberimages/...

Unrestricted file upload

Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...

CVE-2008-5677

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICSPATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

CVE-2008-5663

Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using 1 loadreceiver.php or 2 a shipainter action to paintsave.php, then accessing the uploaded file via a dire...

CVE-2008-5677

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICSPATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

Unrestricted file upload

Unrestricted file upload vulnerability in admin/uploadform.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/...