853 matches found
CVE-2007-2430
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...
CVE-2007-2430
CVE-2007-2430 affects TCExam 4.0.011 and earlier. The vulnerability is in shared/code/tce_tmx.php, where an attacker can create arbitrary PHP files in cache/ by placing crafted content and directory-traversal data into a SessionUserLang cookie that is processed by public/code/index.php. This indi...
burnCMS <= 0.2 (root) Remote File Include Vulnerabilities
burnCMS <= 0.2 (root) Remote File Include Vulnerabilities D.Script: http://www.burnstone.ch/downloads/burnCMS-0.2.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:PathburnCMS/lib/authuser.php?root=Shell Exploit:PathburnCMS/lib/misc.php?root=Shell...
Unrestricted file upload
Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter...
CVE-2007-2182
The CVE concerns an unrestricted file upload vulnerability in Maran PHP Forum’s forum_write.php. The issue arises from allowing a trailing %00 in a filename in the page parameter, enabling remote attackers to upload and execute arbitrary PHP files. The documented impact is partial confidentiality...
AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities
No description provided by source. AjPortal2Php Class: File Include Vulnerability Remote: Yes Site: http://www.ajlopez.com/downloads/AjPortal2Php.zip Author: Alkomandoz Hacker Contact: [email protected] file ; begin.inc.php connection.inc.php events.inc.php footer.inc.php header.inc.p...
CVE-2007-2024
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension...
Unrestricted file upload
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension...
Integer overflow
Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large...
CVE-2007-1408
Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large...
ActiveCalendar 1.2.0, Multiple vulnerabilities
ActiveCalendar 1.2.0, Multiple vulnerabilities Vendor site : http://www.micronetwork.de/activecalendar/ Global risk : Critical Multiples XSS : --------------- /activecalendar/data/page.php?css="scriptalertdocument.cookie/script In : /data/ flatevents.php js.php mysqlevents.php m2.php m3.php m4.ph...
CVE-2006-7049
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files...
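Discloser Remote File Inclusion Vulnerability
Discloser is a PHP-based web application. Discloser does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'content.php' and 'indexhead.php' scripts do not filter the user-submitted 'fileloc' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Discloser Discloser 0.0.4 http://optusnet.dl.sourceforge.net/sourceforge/discloser/...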
CVE-2006-6347
Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...
PT-2006-6801 · Active Php · Active Php Bookmarks
Name of the Vulnerable Software and Affected Versions: Active PHP Bookmarks version 1.1.02. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the APB SETTINGS'apb path' parameter in (1) apb common.php or (2) apb.php. However, it is noted that the PHP scripts exi...
XSS in script Mobile
Discovered : SwEET-DeViL & HaCkEr sUn Product: http://www.ac4p.com tame : AL-garnei :::::::::::::::::::::::::::::::::::::::::: /1/ index.php http://www.site.com/path/index.php?Bloks=XSS http://www.site.com/path/index.php?Newnews=XSS http://www.site.com/path/index.php?lBlok=XSS...
AFGB GUESTBOOK 2.2 (Htmls) Remote File Include Vulnerabilities
No description provided by source. afgb GUESTBOOK V2.2 Htmls Remote File Include Vulnerability Turkish Hacker's Discovered By : mdX ------------------------------------------------------ Cyber-Warrior TIM Ay ve YIldIzlar Geceye YakISIr... the moon and the stars suit the night Class : REmote File...