1984 matches found
OpenX banner-edit.php File Upload PHP Code Execution
$Id: openxbanneredit.rb 9247 2010-05-08 03:07:51Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Gallo <= 0.1.0 RFI Vulnerability
Gallo is prone to a remote file include RFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2009-4834
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...
CVE-2009-4834
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...
CVE-2009-4793
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file v...
CVE-2010-1153
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable...
FreephpWebsiteSoftware 1.0 Remote File Include Vulnerability
Exploit for php platform in category web applications ============================================================ FreephpWebsiteSoftware 1.0 Remote File Include Vulnerability ============================================================ \|/// \ - - // @ @...
CVE-2009-4750
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2010-0988
CVE-2010-0988 affects Pulse CMS prior to 1.2.3. The issue comprises two related vulnerabilities: (1) an improper handling of login failures in includes/login.php that enables remote attackers to write arbitrary files and execute PHP code in the web root, and (2) an issue in viewing content where ...
CVE-2010-0755
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter...
Bits Video Script 2.042.05 - addvideo.php Arbitrary File Upload Arbitrary PHP Code Execution
Bits Video Script 2.042.05 - addvideo.php Arbitrary File Upload Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - '/register.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
Bits Video Script 2.042.05 - register.php Arbitrary File Upload Arbitrary PHP Code Execution
Bits Video Script 2.042.05 - register.php Arbitrary File Upload Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - '/addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
phpwind 7.5 apps/groups/index.php远程包含漏洞
apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 ?php if $route == "groups" requireonce $basePath . '/action/mgroups.php'; elseif $route == "group" requireonce $basePath . '/action/mgroup.php'; elseif $route == "galbum" requireonce $basePath . '/action/mgalbum.php';...
Piwik Open Flash Chart Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ========================================================== Piwik Open Flash Chart Remote Code Execution Vulnerability ========================================================== Class: Input Validation Error CVE: Remote: Yes Local: No...
Piwik Open Flash Chart Remote Code Execution Vulnerability
No description provided by source. Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piw...
OSSIM v2.1.5 Arbitrary File Upload
No description provided by source. Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity:...
OSSIM 2.1.5 - Arbitrary File Upload
OSSIM 2.1.5 - Arbitrary File Upload Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity:...
CVE-2009-4315
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magicquotesgpc is disabled, allows remote attackers to create or modify arbitrary files via a .. dot dot in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php fi...