7219 matches found
OSSIM v2.1.5 Arbitrary File Upload
No description provided by source. Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity:...
CVE-2009-4315
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php fi...
CVE-2009-4264
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the languagepath parameter...
piwik -- php code execution
secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
Piwik < 0.5 unserialize() PHP Code Execution Vulnerability
Binary data 5263.prm...
Advisory 03/2009: Piwik Cookie unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Piwik Cookie Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: Piwik = 0.4.5 Severity: Piwik unserializes user input which allows an...
CVE-2009-4223
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter...
Achievo 1.4.2 Shell Upload
Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy:...
Achievo 1.4.2 Arbitrary File Upload
Exploit for unknown platform in category web applications =================================== Achievo 1.4.2 Arbitrary File Upload =================================== Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8...
Achievo 1.4.2 Arbitrary File Upload
No description provided by source. Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy:...
Simple Machines Forum (SMF) 1.1.102.0 RC2 - Multiple Vulnerabilities
Simple Machines Forum SMF 1.1.102.0 RC2 - Multiple Vulnerabilities Simple Machines Forum is prone to multiple security vulnerabilities: - A remote PHP code-execution vulnerability - Multiple cross-site scripting vulnerabilities - Multiple cross-site request-forgery vulnerabilities - An...
Simple Machines Forum Multiple Security Vulnerabilities
Exploit for unknown platform in category web applications ======================================================= Simple Machines Forum Multiple Security Vulnerabilities ======================================================= Simple Machines Forum is prone to multiple security vulnerabilities: - ...
CVE-2009-4115
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...
Code injection
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field...
Code injection
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...
CVE-2009-4113
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field...
Remote file inclusion
PHP remote file inclusion vulnerability in assets/plugins/mp3id/mp3id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSBASE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities
Author: Janek Vind 'waraxe' Vulnerable: SugarCRM SugarCRM 5.5.0.RC2 SugarCRM SugarCRM 5.2.0j Product: http://www.sugarcrm.com/crm/ Description: SugarCRM is prone to multiple remote vulnerabilities, including: 1. Multiple SQL-injection vulnerabilities 2. Multiple unauthorized access vulnerabilitie...