7219 matches found
Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability
Secunia Research 19/04/2010 - e107 Avatar/Photograph Image File Upload Vulnerability - Table of Contents Affected...
Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications. Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit ?php /...
e107 -- code execution and XSS vulnerabilities
Secunia Research reported two vulnerabilities in e107: The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the "contentheading" parameter correctly and is therefore vulnerable to a cross site scripting attack. The second vulnerabilit...
CVE-2010-1360
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9)...
CVE-2010-1360
CVE-2010-1360 affects FAQEngine 4.24.00. It involves multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by supplying a URL in the path_faqe parameter to any of 13 PHP entry points (attachs.php, backup.php, badwords.php, categories.php, changepw...
Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability
Secunia Research 08/04/2010 - Pulse CMS Arbitrary File Upload Vulnerability - Table of Contents Affected...
discuz! 7.0 and below the version background get webshell-vulnerability warning-the black bar safety net
Don't need the founder, you'll need administrator. http://www.fuck.com/admincp.php?action=styles&operation=edit&id=1&adv=1 In the following there is a“custom template variables”, the variable in the fill: PHP code 1. OLDJUN', '9 9 9';eval$POSTcmd;// Replace the contents of whatever the input: 1 1...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3)...
Gravity GTD rpc.php Malformed objectname Parameter (CVE-2008-5962; CVE-2008-5963)
Gravity GTD is an open source list manager for tracking action items according to the principles of Getting Things Done (GTD). There exist multiple vulnerabilities in Gravity GTD. One attack vector could allow remote attackers to conduct directory traversal attacks and possibly read or write...
CVE-2010-1266
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to...
FreephpWebsiteSoftware 1.0 Remote File Include Vulnerability
Exploit for php platform in category web applications. FreephpWebsiteSoftware 1.0 Remote File Include Vulnerability ...
SQL Injection Vulnerabilitie in PhotoPost vBGallery 2.5
Product Information: PhotoPost vBGallery is a popular commercial Image Gallery Add-on for vBulletin which is being developed by All Enthusiasts, Inc. http://www.photopost.com Description: PhotoPost vBGallery 2.5 allows the user to modify gallery settings for his...
phpaaCMS V0. 3 the presence of injection vulnerabilities-vulnerability warning-the black bar safety net
H4ckx7's Blog Accidentally passing a php the station, due to the own very little of PHP with the Institute to sloppy looked at is phpaaCMS, not large-scale CMS, habitual later added a“'”, I did not expect the explosion wrong! You have an error in your SQL syntax; check the manual that corresponds...
CVE-2009-4750
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and...
CVE-2010-0988
CVE-2010-0988 affects Pulse CMS prior to 1.2.3. The issue comprises two related vulnerabilities: (1) an improper handling of login failures in includes/login.php that enables remote attackers to write arbitrary files and execute PHP code in the web root, and (2) an issue in viewing content where ...
CVE-2010-0988
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and...
Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability
Secunia Research 24/03/2010 - Pulse CMS login.php Arbitrary File Writing Vulnerability - Table of Contents Affected...