1984 matches found
CVE-2009-4315
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php fi...
piwik -- php code execution
Secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
Piwik < 0.5 unserialize() PHP Code Execution Vulnerability
Binary data 5263.prm...
Achievo 1.4.2 Shell Upload
Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy:...
Simple Machines Forum Multiple Security Vulnerabilities
Exploit for unknown platform in category web applications ======================================================= Simple Machines Forum Multiple Security Vulnerabilities ======================================================= Simple Machines Forum is prone to multiple security vulnerabilities: - ...
Simple Machines Forum (SMF) 1.1.102.0 RC2 - Multiple Vulnerabilities
Simple Machines Forum SMF 1.1.102.0 RC2 - Multiple Vulnerabilities Simple Machines Forum is prone to multiple security vulnerabilities: - A remote PHP code-execution vulnerability - Multiple cross-site scripting vulnerabilities - Multiple cross-site request-forgery vulnerabilities - An...
WordPress 2.8.5 Shell Upload
============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted File Upload Arbitrary PHP Code...
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. ============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted...
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
============================================= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.5 Unrestricted File Upload Arbitrary PHP Code...
TikiWiki jhot Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TikiWiki jhot...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5)...
Design/Logic Flaw
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)
Siemens Gigaset SE361 WLAN - Remote Reboot Denial of Service Attacking port 1723flood, it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart \n"; else $trash = strrepeat"\x90","261"; fwrite$con, $trash; while !feof$con echo "$tra...
CVE-2009-3065
PHP remote file inclusion vulnerability in editor/edithtmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter...
SA-CONTRIB-2009-054 - Go - url redirects - Multiple vulnerabilities
The Go - url redirects gotwo module adds the option to add redirected URLs. This module was found to have multiple vulnerabilities. Arbitrary PHP code execution Due to improper use of the PCRE regular expression engine, users with permission to use the input filter provided by the module are able...
CVE-2008-7067
The CVE-2008-7067 issue affects PageTree CMS 0.0.2 BETA 0001, where a PHP remote file inclusion is possible through the parameter GLOBALS[PT_Config][dir][data] in admin/plugins/Online_Users/main.php. This allows an attacker to execute arbitrary PHP code on the server. The vulnerability is evidenc...
GLSA-200908-09 : DokuWiki: Local file inclusion
The remote host is affected by the vulnerability described in GLSA-200908-09 DokuWiki: Local file inclusion girex reported that data from the 'configcascade' parameter in inc/init.php is not properly sanitized before being used. Impact : A remote attacker could exploit this vulnerability to execu...
Code injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
CVE-2009-2852
WP-Syntax plugin 0.9.1 and earlier for WordPress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the testfilterwphead array parameter to test/index.php, which is used in a call to the call_user_func_array function...
Gazelle CMS 1.0 - Multiple Vulnerabilities Remote Code Execution
Gazelle CMS 1.0 - Multiple Vulnerabilities Remote Code Execution !/bin/bash Gazelle CMS 1.0 Multiple Vulnerabilities Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download Found by whitesheep on 11/08/2009 Contact: [email protected] - https://www.ihteam.net Need...