4 matches found
Design/Logic Flaw
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
Chaturbate: Unrestricted POST request size on roomlogin endpoint
POST requests to the endpoint /roomlogin/ are not limited in size. While the main website login endpoint correctly limits the size of requests, this endpoint does not. This can be a means to perform a DoS attack. Steps To Reproduce: 1. has a password-protected stream. 2. Send a large POST request to...
cPanel 11.x (Fantastico) Local File Include / SM-b0x
Exploit for php platform in category web applications: cPanel 11.x Fantastico Local File Include / SM-b0x...
NavBoard 2.6.0 - Remote Code Execution
"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...