7219 matches found
CVE-2010-4537
CVE-2010-4537 affects CrawlTrack before 3.2.7. The provided documents indicate a remote code execution risk where an attacker could cause arbitrary PHP code execution when a public stats page is accessible, via unknown vectors. The root cause and exact vulnerable component/file aren’t detailed in...
CVE-2010-4537
Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
MantisBT 'db_type' Parameter Local File Inclusion
The MantisBT install on the remote host fails to sanitize user input to the 'db_type' parameter of the 'admin/upgrade_unattended.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated attacker can exploit this...
Code injection
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification Trojan Horse in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...
CVE-2010-4558
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification Trojan Horse in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...
JE Messenger 1.0 Arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Publishing author: Salvatore Fresta aka Drosophila Official website: joomlaextensions.co.in Vulnerability type: file upload Vulnerability Description: Due to an error in the program's save function, compose.php allows registered users to upload files with any extension. For a valid file...
eclime index.php ref Parameter SQL Injection
The version of eclime hosted on the remote web server fails to sanitize input to the 'ref' parameter of the 'index.php' script before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated remote attacker can leverage this issue to manipulate SQL queries an...
JE Messenger 1.0 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. JE Messenger 1.0 Arbitrary File Upload Vulnerability. JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor...
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gma...
Abtp Portal Project 1.0 Local File Inclusion
#!/usr/bin/perl =about Name : Abtp Portal Project The variable $ ABTPVBLOQUECENTRAL was not correctly stated, thus enabling an attacker to include malicious files or read files from the system. If...
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-09 X. INDEX I. ABOUT THE APPLICATIO...
Pulse CMS Basic Local File Include Vulnerability
Pulse CMS Basic is prone to a local file-include vulnerability. An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system;...
[eVuln.com] PHP Code Execution in Alguest
New eVuln Advisory: PHP Code Execution in Alguest Summary: http://evuln.com/vulns/153/summary.html Details: http://evuln.com/vulns/153/description.html -----------Summary----------- eVuln ID: EV0153 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: high Type: PHP Code Execution...
Pulse CMS Basic Local File Include Vulnerability
Pulse CMS Basic is prone to a local file-include vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pulsecms:pulsecms...
Alguest 1.1c-patched Code Execution
New eVuln Advisory: PHP Code Execution in Alguest Summary: http://evuln.com/vulns/153/summary.html Details: http://evuln.com/vulns/153/description.html -----------Summary----------- eVuln ID: EV0153 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: high Type: PHP Code Execution...
CVE-2010-4281
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character...
CVE-2010-4281
CVE-2010-4281 describes an incomplete blacklist vulnerability in Pandora FMS prior to 3.1.1. The issue lies in the safe_url_extraclean function used by ajax.php (parameter page); it filters the colon character but fails to prevent UNC paths, allowing an attacker to reference remote resources (e.g...
Digitalus 1.10.0 Alpha2 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Digitalus 1.10.0 Alpha2 Arbitrary File Upload Vulnerability. +Script: Digitalus +Version: 1.10.0 Alpha2 +vendor:...
Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check
Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities: - A command-injection vulnerability - Multiple SQL injection (SQLi) vulnerabilities - A remote file include (RFI) vulnerability - An arbitrary PHP code execution vulnerability -...