5 matches found
EUVD-2006-7017
Malware in sbrugna...
WordPress Photoracer plugin <= 1.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Photoracer plugin <= 1.0 SQL Injection Vulnerability Google Dork: inurl:wp-content/plugins/photoracer/viewimg.php Date: 2011-08-26 Author: evilsocket evilsocket at gmail dot com Software Link: http://wordpress.org/extend/plugins/photorace...
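EasyTalk X2.0.2 front-end arbitrary file deletion vulnerability
Brief description: The EasyTalk code that handles user avatar uploads is flawed: if an uploaded avatar is judged invalid, the invalid avatar file is deleted at the path given by the $_POST['imgpath'] parameter. The vulnerability lies in EasyTalk's improper handling of $_POST['imgpath']: the file that imgpath points to is deleted directly, without any validation of the user-supplied parameter. Details: In the function doface2 at line 101 of SettingAction.class.php: public function doface2 $ysw=$POST 'ysw'; if $ysw460 $zoom=intval$ysw/460; else $zoom=1; $x=$POST...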
CVE-2006-7035
Directory traversal vulnerability in makethumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter...
CVE-2006-7035
Directory traversal vulnerability in makethumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter...