156 matches found
speedwiki20.txt
product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get :...
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...
CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...
PT-2006-2223 · Php · Php Upload Center
Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: The issue allows remote attackers to download password hashes due to insufficient access control. Specifically, password hashes are stored under the web root, making them accessib...
CVE-2005-4671
Cross-site scripting XSS vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2005-4671
Technical details about CVE-2005-4671 are not publicly available in the provided connected documents. Monitor for updates.
PHP Upload Center index.php filename Parameter Directory Traversal Arbitrary File Access
The remote host is running PHP Upload Center, a file manager written in PHP. The version of PHP Upload Center installed on the remote host fails to remove directory traversal sequences user input to the 'filename' parameter of the 'index.php' script. An attacker can leverage this flaw to read...
CVE-2005-4671
Cross-site scripting XSS vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
ezUpload Pro vuln
ezUpload Pro vuln Vuln. discovered by : r0t Date: 16 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html vendor:http://www.scriptscenter.com/ezupload/ affected version: 2.2 and prior Product Description: ezUpload Pro is the world's most popular PHP upload solutio...
CVE-2005-3947
CVE-2005-3947 affects PHP Upload Center. A vulnerability in index.php allows directory traversal through the filename parameter (using ../), enabling an attacker to read arbitrary files on the server with the web server’s privileges. Technical details across sources confirm the vulnerable compone...
CVE-2005-3947
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter...
CVE-2005-3947
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter...
citypostXSS.txt
sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software Security Advisory: XSS Vunerabilities in Multiple CityPost Software Severity: Medium Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor and Automated Link Exchange Vendor: Allen Kim Vendor Website:...
[SA15010] CityPost Simple PHP Upload "message" Cross-Site Scripting
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: CityPost Simple PHP Upload "message" Cross-Site...
CityPost Simple PHP Upload - Simple-upload-53.php Cross-Site Scripting
CityPost Simple PHP Upload - Simple-upload-53.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13261/info CityPost Simple PHP Upload is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to...