Lucene search
K

156 matches found

Packet Storm
Packet Storm
added 2006/11/09 12:0 a.m.20 views

speedwiki20.txt

product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get :...

7.4AI score
Exploits0
NVD
NVD
added 2006/03/14 1:6 a.m.16 views

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...

5CVSS6.9AI score0.01512EPSS
Exploits1References5
NVD
NVD
added 2006/03/14 1:6 a.m.19 views

CVE-2006-1208

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...

7.5CVSS7.6AI score0.01965EPSS
Exploits1References8
Cvelist
Cvelist
added 2006/03/14 1:0 a.m.20 views

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...

6.9AI score0.01512EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2006/03/14 12:0 a.m.5 views

PT-2006-2223 · Php · Php Upload Center

Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: The issue allows remote attackers to download password hashes due to insufficient access control. Specifically, password hashes are stored under the web root, making them accessib...

5CVSS6.3AI score0.01512EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/01/27 11:0 p.m.19 views

CVE-2005-4671

Cross-site scripting XSS vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

5.8AI score0.01693EPSS
Exploits1References3
CVE
CVE
added 2006/01/27 11:0 p.m.50 views

CVE-2005-4671

Technical details about CVE-2005-4671 are not publicly available in the provided connected documents. Monitor for updates.

4.3CVSS6.1AI score0.01693EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/01/13 12:0 a.m.32 views

PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access

The remote host is running PHP Upload Center, a file manager written in PHP. The version of PHP Upload Center installed on the remote host fails to remove directory traversal sequences user input to the 'filename' parameter of the 'index.php' script. An attacker can leverage this flaw to read...

5CVSS8.7AI score0.03051EPSS
Exploits1References2
NVD
NVD
added 2005/12/31 5:0 a.m.15 views

CVE-2005-4671

Cross-site scripting XSS vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

4.3CVSS5.8AI score0.01693EPSS
Exploits1References3
securityvulns
securityvulns
added 2005/12/16 12:0 a.m.35 views

ezUpload Pro vuln

ezUpload Pro vuln Vuln. discovered by : r0t Date: 16 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html vendor:http://www.scriptscenter.com/ezupload/ affected version: 2.2 and prior Product Description: ezUpload Pro is the world's most popular PHP upload solutio...

0.1AI score
Exploits0
CVE
CVE
added 2005/12/01 11:0 a.m.81 views

CVE-2005-3947

CVE-2005-3947 affects PHP Upload Center. A vulnerability in index.php allows directory traversal through the filename parameter (using ../), enabling an attacker to read arbitrary files on the server with the web server’s privileges. Technical details across sources confirm the vulnerable compone...

5CVSS6.8AI score0.03051EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/12/01 11:0 a.m.14 views

CVE-2005-3947

Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter...

6.8AI score0.03051EPSS
Exploits1References5
NVD
NVD
added 2005/12/01 6:3 a.m.10 views

CVE-2005-3947

Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter...

5CVSS6.8AI score0.03051EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2005/05/30 12:0 a.m.31 views

citypostXSS.txt

sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software Security Advisory: XSS Vunerabilities in Multiple CityPost Software Severity: Medium Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor and Automated Link Exchange Vendor: Allen Kim Vendor Website:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/04/20 12:0 a.m.26 views

[SA15010] CityPost Simple PHP Upload "message" Cross-Site Scripting

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: CityPost Simple PHP Upload "message" Cross-Site...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2005/04/19 12:0 a.m.13 views

CityPost Simple PHP Upload - Simple-upload-53.php Cross-Site Scripting

CityPost Simple PHP Upload - Simple-upload-53.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13261/info CityPost Simple PHP Upload is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to...

6.8AI score
Exploits0
Rows per page
Query Builder