1161 matches found
CVE-2007-0375
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various...
CVE-2006-6913
CVE-2006-6913 affects phpMyFAQ 1.6.7 and earlier. An unspecified vulnerability allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. Multiple reports reference this entry and describe the ability to upload executable files, but the exact vectors, affected components, an...
CVE-2006-6913
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors...
Unrestricted file upload
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...
CVE-2007-0082
usersadm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts...
CVE-2006-6879
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter...
CVE-2006-4581
The CVE-2006-4581 entry concerns The Address Book 1.04e, with an unrestricted file upload vulnerability. The issue arises because the product validates the Content-Type header but does not validate the file extension, enabling remote attackers to upload arbitrary PHP scripts. The impact described...
CVE-2006-4581
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts...
Fishyshoop Security Vulnerability
Synopsis: The Fishyshoop shopping cart software contains a vulnerability which allows arbitrary users to create accounts with administrator privileges. Background: Fishyshoop is a suite of PHP scripts allowing anybody to create an attractive online store. Affected Versions...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configdbtype parameter to (1) categories.php, (2) couriers.php, (3)...
CuteNews 1.4.5 Multiple Script XSS
The version of CuteNews installed on the remote host fails to sanitize input to the 'index.php', 'search.php', 'rss.php' and 'shownews.php' scripts before using it to generate dynamic HTML to be returned to the user. An unauthenticated attacker can exploit these issues to execute a cross-site...
CVE-2006-6112
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which...
CVE-2006-6112
LifeType 1.0.x/1.1.x suffer a path-disclosure flaw due to insufficient access control on PHP scripts under class/ and plugins/. Remote attackers can elicit the installation path via direct requests to scripts such as bayesianfilter.class.php and bootstrap.php. Affected components: bayesianfilter....
dc-sql.txt
-061124a- deV!Lz Clanportal - SQL Injection. SYNOPSIS: access: remote; severity: high. An SQL injection has been found in deV!Lz Clanportal, which allows any logged in user to grant herself admin privileges in the system. BACKGROUND...
CVE-2006-5918
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web...
Free File Hosting 1.1 - 'forgot_pass.php' File Inclusion
#!/usr/bin/php -q -d short_open_tag=on | DEVIL TEAM - POLISH TEAM | http://www.rahim.webd.pl/ | Free File Hosting = 1.1...
CVE-2003-1307
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...