1161 matches found
CVE-2007-1549
Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory...
CVE-2007-1549
CVE-2007-1549 affects phpx 3.5.15 where gallery.php’s addImage action allows unrestricted file upload. An attacker can upload arbitrary PHP scripts, which are placed under gallery/shelties/ and could be executed remotely. The CVE details focus on the unrestricted upload vulnerability and its abil...
w-agora version 4.2.1 Information Disclosure Vulnerability
netVigilance Security Advisory 15 w-agora version 4.2.1 Information Disclosure Vulnerability Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. It is possible to disclose...
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version may also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-02-24 - Not...
Grayscale Blog 0.8.0 - Security Bypass / SQL Injection / Cross-Site Scripting
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version may also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-02-24 - Not...
Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns
Exploit for unknown platform in category web applications. Grayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns. Security Advisory - Multiple...
SQL injection
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
CVE-2007-0971
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
CVE-2007-0971
Jupiter CMS 1.1.5 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and other headers that set the ip variable used in queries in index.php and related PHP scripts. This is the underlying cause: input ...
Unrestricted file upload
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php...
CVE-2007-0764
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php...
CVE-2007-0764
CVE-2007-0764 concerns an unrestricted file upload in F3Site 2.1 and earlier. The vulnerability allows a remote authenticated administrator to upload and execute arbitrary PHP scripts by abusing a GIF86 header in a file passed via the uplf parameter, with the file later retrievable through a re...
KDPics <= 1.11 (exif.php lib_path) Remote File Include Vulnerability
No description provided by source. KDPics = Remote File Include Vulnerability. Discovered by AsTrex "Rif Hackers Team"...
KDPics 1.11 - 'exif.php?lib_path' Remote File Inclusion
KDPics = Remote File Include Vulnerability. Discovered by AsTrex "Rif Hackers Team"...
SQL injection
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the pollid parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...
CVE-2007-0535
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the pollid parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...
Information disclosure
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/modmainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various...
CVE-2007-0375
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/modmainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various...