Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...

CVE-2008-2905

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the CacheLite package in Mambo 4.6.4 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-2885

PHP remote file inclusion vulnerability in src/browser/resource/categories/resourcecategoriesview.php in Open Digital Assets Repository System ODARS 1.0.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSESROOT parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the modroot parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroomjmdir parameter. NOTE: some of these details are obtained from third party information...

Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload

?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Seagull PHP Framework 0.6.4 - FCKeditor Arbitrary File Upload

Seagull PHP Framework 0.6.4 - FCKeditor Arbitrary File Upload ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...:...

CVE-2008-2836

PHP remote file inclusion vulnerability in sendreminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483...

cmsworks-upload.txt

array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...

cmsWorks 2.2 RC4 (fckeditor) Remote Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ================================================================= cmsWorks 2.2 RC4 fckeditor Remote Arbitrary File Upload Exploit =================================================================...

cmsWorks 2.2 RC4 (fckeditor) Remote Arbitrary File Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- cmsWorks 2.2 RC4 fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- discovered by Stack exploited by ..: EgiX special thnx to...

cmsWorks 2.2 RC4 - 'FCKeditor' Arbitrary File Upload

array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...

Open Digital Assets Repository System 1.0.2 - Remote File Inclusion

Open Digital Assets Repository System 1.0.2 - Remote File Inclusion source: https://www.securityfocus.com/bid/29881/info Open Digital Assets Repository System ODARS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploi...

CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."...

CVE-2008-2769

PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfigauthsmfpath parameter...

CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."...

FreeCMS.us 0.2 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / -------------------------------------------------------------- FreeCMS.us 0.2 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- By : Stack Special thnx for : Egix - vulnerable code in...

FreeCMS.us 0.2 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ======================================================== FreeCMS.us 0.2 fckeditor Arbitrary File Upload Exploit ======================================================== ?php / --------------------------------------------------------------...