CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...

nept-upload.txt

//Title - NEPT Image Uploader shell upload //Vendor - newearthpt.freehostia.com //Version - 1.0 //Status - vendor has been notified //Author - Dentrasi //Description It is possible to upload a php script to the remote site. 1. Select a php file for upload 2. Select it for upload, and tamperdata t...

Sports Clubs Web Panel 0.0.1 Remote File Upload Vulnerability

Exploit for unknown platform in category web applications ============================================================= Sports Clubs Web Panel 0.0.1 Remote File Upload Vulnerability =============================================================...

Design/Logic Flaw

admin/modifconfig.php in Blog Pixel Motion aka PixelMotion does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...

CVE-2005-0743

The custom avatar uploading feature uploader.php for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...

CVE-2004-1386

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200...