Achievo 1.3.2 - 'FCKeditor' Arbitrary File Upload

array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...

SyntaxCMS <= 1.3 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ========================================================== SyntaxCMS special THanks to EgiX For the Exploit Code author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delet /public/ in...

SyntaxCMS &lt;= 1.3 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / -------------------------------------------------------------- Syntax CMS = 1.3 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- Gr33ts t0 : EgiX, ThE GeNeRal L0s3r , Houssamix ,Str0ke == special THank...

syntaxcms-upload.txt

special THanks to EgiX For the Exploit Code author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delet /public/ in the exploit in the line : "POST $pathpublic/fckeditor/editor/filemanager/upload/php/upload.php - vulnerable code in...

SyntaxCMS 1.3 - &#039;FCKeditor&#039; Arbitrary File Upload

special THanks to EgiX For the Exploit Code author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delet /public/ in the exploit in the line : "POST $pathpublic/fckeditor/editor/filemanager/upload/php/upload.php - vulnerable code in...

CVE-2008-2480

PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the pagesdir parameter...

CVE-2008-2345

Unspecified vulnerability in the airfilemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."...

CVE-2008-2345

Unspecified vulnerability in the airfilemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."...

cPanel 11.21 - wwwact Privilege Escalation

cPanel 11.21 - wwwact Privilege Escalation source: https://www.securityfocus.com/bid/29277/info cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error. Successfully exploiting this issue allows remote attackers to gain administrative privileges to the...

cPanel 11.21 - &#039;wwwact&#039; Privilege Escalation

source: https://www.securityfocus.com/bid/29277/info cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error. Successfully exploiting this issue allows remote attackers to gain administrative privileges to the affected application and execute malicious PHP...

CVE-2008-2284

PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOXAPPLICATIONPATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-2296

PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter...

lanaicms-upload.txt

0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErrorNumber = '0'...

CMS Made Simple &lt;= 1.2.4 (FileManager module) File Upload Exploit

No description provided by source. ?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX...

Code injection

Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS aka itcms 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter...

La-Nai CMS &lt;= 1.2.16 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / -------------------------------------------------------------- La-Nai CMS = 1.2.16 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload

Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload 0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErr...

La-Nai CMS <= 1.2.16 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ============================================================== La-Nai CMS = 1.2.16 fckeditor Arbitrary File Upload Exploit ============================================================== ?php /...

Lanius CMS 1.2.16 - &#039;FCKeditor&#039; Arbitrary File Upload

0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErrorNumber = '0'...