1161 matches found
FreeBSD : suphp -- multiple local privilege escalation vulnerabilities (fb672330-02db-11dd-bd06-0017319806e7)
Multiple local privilege escalation vulnerabilities are found in the symlink verification code. An attacker may use them to run a PHP script with the victim's privileges. This attack is a little harder when suphp operates in paranoid mode. For suphp that runs in owner mode, which is the default in ports, immediate...
Simple PHP Scripts Gallery 0.x - index.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/28056/info. Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this...
LightBlog 9.6 - Username Local File Inclusion
LightBlog 9.6 local file inclusion vulnerability. Download: http://www.publicwarehouse.co.uk/phpscripts/lightblog.php. Author: muuratsalo. Contact: muuratsaloatgmail.com. Exploit...
artmedic-xss.txt
artmedic weblog multiple XSS vulnerabilities. Download: http://artmedic-phpscripts.de/index.php?did=artmedicweblog.zip. Author: muuratsalo. Contact: muuratsaloatgmail.com. Exploits: http://localhost/artmedicweblog/artmedicprint.php?date=alert1 http://localhost/artmedicweblog/index.php?jahrneu=alert1...
Directory traversal
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...
CVE-2008-0195
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...
Design/Logic Flaw
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...
CVE-2008-0196
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...
WordPress <= 2.0.11 - Multiple Vulnerabilities
Because of these vulnerabilities, attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution: Update WordPress...
meBiblio-xss.txt
meBiblio 0.4.5 XSS. Author: ShAy6oOoN. Group: PitBull Crew. Script: meBiblio 0.4.5. Download: http://downloads.sourceforge.net/mebiblio/meBiblio-0.4.5.tar.gz?modtime=1195237984&bigmirror=0 ...
Path traversal
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...
Sql injection
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to t...
CVE-2007-4780
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories...
Directory traversal
Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts...
CVE-2007-2679
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance...
CVE-2007-2679
Summary: CVE-2007-2679 is a PHP file inclusion vulnerability in Ivan Peevski gallery 0.3 (Simple PHP Scripts, sPHP). Affected component: index.php; vulnerability arises from using a user-supplied gallery parameter as input to file_exists, enabling inclusion of arbitrary PHP code through UNC or lo...
Free Image Hosting 2.0 - 'AD_BODY_TEMP' Remote File Inclusion
Title: ImageUpload Script Remote File Inclusion Exploit (Free Image Hosting 2.0). Download: http://free-php-scripts.net/scripts/ImageUpload.zip. Found by: CrackersChild. Vulnerability: Exploit: www.site.com/imageuploadpath/login.php?ADBODYTEMP=Shell? :...
Unrestricted file upload
Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory...