PT-2025-31538
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the fi...
PHP 4.x/5 - cURL 'open_basedir' Restriction Bypass
source: https://www.securityfocus.com/bid/11557/info It is reported that cURL allows malicious users to bypass 'open_basedir' restrictions in PHP scripts. This issue is due to a failure of the cURL module to properly enforce PHP's 'open_basedir' restriction. Users with the ability to create or modif...
Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may exploit this by supplying a path t...
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution
source: https://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript (class.atkdateattribute.js.php). This script employs a number of PHP include_once statements to call code contained in function libraries and grab configuration information. Attacke...