EUVD-2008-6782

Malware in sbrugna...

File upload vulnerability in mao10cms frontend

Mao10CMS is based on Thinkphp and Bootstrap development of free open-source PHP building system, suitable for building a variety of mini-malls, shopping and sharing, community and corporate websites. mao10cms foreground /do/imgupload.php file file upload vulnerability, due to $FILES over the file...

ibPhotohost 1.1.2 - SQL Injection

ibPhotohost 1.1.2 - SQL Injection + + Title: ibPhotohost 1.1.2 SQL Injection + Author: fred777 - fred777.5x.to + Link: http://mods.invisionize.com/index.php/f/7609 + Vuln: index.php?autocom=photohost&CODE=04&img=SQL Injection + Greetzz to: back2hack,free-hack,hackbase,c-c + Contact:...

Unrestricted file upload

Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team NEPT imgupload aka Image Uploader 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, ...

CVE-2008-6822

The CVE-2008-6822 entry concerns the NEPT imgupload (Image Uploader) 1.0 product. A vulnerability in uploadp.php enables remote code execution via unrestricted file upload: an attacker uploads a file with an executable extension and a modified content type, and then accesses that file directly (d...

Design/Logic Flaw

uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...

CVE-2007-6527

CVE-2007-6527 affects PunBB’s Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2. The issue arises because the upload handler only verifies the Content-Type of uploaded files, allowing remote attackers to upload and execute arbitrary content by crafting a file with a (1) JPG, (2) GIF...