
43 matches found

0day.today
added 2010/12/01 12:00 a.m., 20 views

Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications. Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability. 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav -...

7.1 AI score, 0.05744 EPSS
Exploits: 6
Exploit DB
added 2010/11/30 12:00 a.m., 33 views

Orbis CMS 1.0.2 - Arbitrary File Upload

'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION: A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticated user to upload a PHP script and...

6 CVSS, 6.6 AI score, 0.05744 EPSS
Exploits: 6
myhack58
added 2009/12/03 12:00 a.m., 15 views

OpenX <= 2.8.1 Arbitrary PHP Code Execution

Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the insecure file upload...

Exploits: 0
Japan Vulnerability Notes
added 2008/08/21 12:00 a.m., 25 views

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task management, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact: If an arbitrary...

10 CVSS, 6.9 AI score, 0.02078 EPSS
Exploits: 0
NVD
added 2007/09/11 7:17 p.m., 14 views

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

7.5 CVSS, 7 AI score, 0.04702 EPSS
Exploits: 1, References: 4
CVE
added 2007/01/05 11:00 a.m., 45 views

CVE-2007-0082

This entry covers CVE-2007-0082 affecting IMGallery 2.5 and earlier. The vulnerability occurs in users_adm/start1.php where files with multiple extensions are not properly handled, allowing remote authenticated users to upload and execute arbitrary PHP scripts. The documented impact is partial co...

6.5 CVSS, 7.1 AI score, 0.05768 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2006/12/04 11:00 a.m., 47 views

CVE-2006-6255

The CVE-2006-6255 entry concerns the NukeAI 0.0.3 Beta module for PHP-Nuke, where a vulnerability in util.php allows remote code execution. An attacker can upload and execute arbitrary PHP code by supplying a filename with a .php extension in the filename parameter and code in the moreinfo parame...

7.5 CVSS, 8.1 AI score, 0.05789 EPSS
Exploits: 1, References: 3, Affected Software: 1
exploitpack
added 2006/03/07 12:00 a.m., 10 views

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure...

Exploits: 0
exploitpack
added 2005/03/21 12:00 a.m., 7 views

TRG News 3.0 Script - Remote File Inclusion

TRG News 3.0 Script - Remote File Inclusion source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality...

Exploits: 0
Cvelist
added 2005/02/06 5:00 a.m., 12 views

CVE-2004-1386

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200...

7.1 AI score, 0.012 EPSS
Exploits: 0, References: 7
CVE
added 2005/02/06 5:00 a.m., 38 views

CVE-2004-1386

CVE-2004-1386 : TikiWiki before 1.8.4.1 fails to properly verify uploaded images, enabling remote attackers to upload and execute arbitrary PHP scripts. This is a server-side code execution risk via image upload in the Wiki edit flow. The public description notes a separate issue (CVE-2005-0200) ...

7.5 CVSS, 7.3 AI score, 0.012 EPSS
Exploits: 0, References: 7, Affected Software: 1
Tenable Nessus
added 2005/01/24 12:00 a.m., 18 views

TikiWiki File Upload temp Directory Arbitrary Script Execution

The remote host is running TikiWiki, a content management system written in PHP. The remote version of this software is vulnerable to a flaw in the way TikiWiki handles uploaded files. If an attacker is able to upload a file, they can then call the script remotely via a request to the...

7.5 CVSS, 6.1 AI score, 0.00717 EPSS
Exploits: 0, References: 1
Exploit DB
added 2004/07/07 12:00 a.m., 27 views

YaPiG 0.92 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...

7.4 AI score
Exploits: 0
Exploit DB
added 2003/10/08 12:00 a.m., 35 views

PayPal Store Front 3.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...

7.4 AI score
Exploits: 0
exploitpack
added 2003/07/21 12:00 a.m., 10 views

MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion

MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a...

0.1 AI score
Exploits: 0
exploitpack
added 2003/01/06 12:00 a.m., 15 views

DCP-Portal 5.0.1 - editor.php?Root Remote File Inclusion

DCP-Portal 5.0.1 - editor.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously...

7.5 AI score
Exploits: 0
Exploit DB
added 2003/01/02 12:00 a.m., 21 views

N/X Web Content Management System 2002 Prerelease 1 - 'datasets.php?c_path' Local File Inclusion

source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...

7 AI score
Exploits: 0
exploitpack
added 2003/01/02 12:00 a.m., 26 views

NX Web Content Management System 2002 Prerelease 1 - menu.inc.php?c_path Remote File Inclusion

NX Web Content Management System 2002 Prerelease 1 - menu.inc.php?c_path Remote File Inclusion source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attack...

Exploits: 0
Exploit DB
added 2002/12/31 12:00 a.m., 26 views

PEEL 1.0b - Remote File Inclusion

source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value fo...

7.4 AI score
Exploits: 0
exploitpack
added 2002/06/17 12:00 a.m., 14 views

PHP-Address 0.2 e - Remote File Inclusion

PHP-Address 0.2 e - Remote File Inclusion source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-suppli...

0.1 AI score
Exploits: 0