7218 matches found
Unrestricted file upload
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors...
CVE-2008-0222
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors...
WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload
Because of this vulnerability in ajaxfilemanager.php, attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution: Update the plugin...
Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ' Evilsentinel = 1.0.9 Disable Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love '; if $argc3 echo "Usage: php ".$argv0." Host Path newma...
DSECRG08-001.txt
Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http://www.tunedstudios.com Bug: Local File Include Exploit: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas Svistunovi...
Tuned Studios Templates Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Tuned Studios Templates Local File Inclusion Vulnerability. Digital Security Research Group DSecRG Advisory DSECRG08-001...
LFI in Tuned Studios Templates
Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http://www.tunedstudios.com Bug: Local File Include Exploit: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas Svistunovi...
Tuned Studios Templates - Local File Inclusion
Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http://www.tunedstudios.com Bug: Local File Include Exploits: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas...
Sql injection
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
CVE-2008-0143
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter...
CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter...
CVE-2008-0143
CVE-2008-0143 describes a PHP remote file inclusion vulnerability in samPHPweb’s common/db.php (potentially version 4.2.2 and later) as packaged with SAM Broadcaster. An attacker can supply a URL via the commonpath parameter to cause arbitrary PHP code execution. Public CVSS v2 data in the record...
CVE-2008-0139
CVE-2008-0139 affects Loudblog 0.8.0 and earlier. An Eval injection in loudblog/inc/parse_old.php via the template parameter allows remote attackers to execute arbitrary PHP code. CVSS2 base metrics indicate Network access, no authentication, and partial impact to confidentiality, integrity, and ...
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
The remote host is running XoopsGallery, a third-party module for Xoops. The version of XoopsGallery installed on the remote host fails to sanitize user-supplied input to the 'GALLERY_BASEDIR' parameter of the 'modules/xoopsgallery/init_basic.php' script before using it to include PHP code. Provide...
halflife-dos.txt
Counter Strike 1.6 Denial Of Service POC ... ITDefence.ru Antichat.ru Counter Strike 1.6 Denial Of Service POC Eugene Minaev [email protected] Bug was found by Maxim Suhanov THE FUF works only with no-steam servers...
DCP-Portal <= 6.11 Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q ?php echo "DCP Portal = 6.11 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Note : Magic Quotes = 0 Script Download : http://www.dcp-portal.org/ Bug in index.php : ?php //index.php ... 60. $sql = "SELE...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter...
CVE-2007-6642
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors...
CVE-2007-6642
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors...