CVE-2013-7465

Ice Cold Apps Servers Ultimate 6.0.212 does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts...

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

cPanel < 11.25 CSRF - Add User php Script

No description provided by source. Exploit Title: cPanel 11.25 CSRF - Add php script Date: 27.05.2011 Author: ninjashell Software Link: http://cpanel.net Version: 11.25 see details below Tested on: Linux CVE : N/A I. Introduction cPanel versions below and excluding 11.25 , are vulnerable to CSRF...

cPanel Cross Site Request Forgery

Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and referrer security check. This means that if you are a cpan...

Joomla Front-End Article Manager System Upload Vulnerability

Exploit for php platform in category web applications ============================================================ Joomla Front-End Article Manager System Upload Vulnerability ============================================================...

Flax Article Manager 1.1 - Remote PHP Script Upload

Flax Article Manager 1.1 - Remote PHP Script Upload Flax Article Manager 1.1 Remote File Upload Vulnerability ---------------------------------------------------------- Discovered By: S.W.A.T. [email protected] Home: www.batlagh.com Script Page: http://www.clixint.com/products/articles Dork:...

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...

nept-upload.txt

//Title - NEPT Image Uploader shell upload //Vendor - newearthpt.freehostia.com //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. 1. Select a php file for upload 2. Select it for upload, and tamperdata t...

Sports Clubs Web Panel 0.0.1 Remote File Upload Vulnerability

Exploit for unknown platform in category web applications ============================================================= Sports Clubs Web Panel 0.0.1 Remote File Upload Vulnerability =============================================================...

Design/Logic Flaw

admin/modifconfig.php in Blog Pixel Motion aka PixelMotion does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...

CVE-2005-0743

The custom avatar uploading feature uploader.php for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...

CVE-2004-1386

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200...