SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution

The taxonomyimage module allows site administrators to associate images with taxonomy terms. The module did not sufficiently filter retrieval of taxonomy images, allowing users to bypass Drupal's normal file upload protections to install malicious HTML or executable code to the server. This...

CVE-2012-1641

The finderimport function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import...

CVE-2012-4036

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged b...

CVE-2010-5091

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...

Code injection

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...

CVE-2010-5091

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...

WordPress Monsters Editor for WP Super Edit Plugin - Arbitrary File Upload

WordPress Monsters Editor for WP Super Edit plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. Solution Update the plugi...

WordPress Plugin Rich Widget - Arbitrary File Upload

WordPress Plugin Rich Widget - Arbitrary File Upload source: https://www.securityfocus.com/bid/55174/info The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web...

WordPress Plugin Rich Widget - Arbitrary File Upload

source: https://www.securityfocus.com/bid/55174/info The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access...

Tiki Wiki CMS Groupware jhot.php RCE Vulnerability

Tiki Wiki CMS Groupware is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Design/Logic Flaw

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...

CVE-2012-4343

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors...

Code injection

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors...

PBBoard - 'admin.php?xml_name' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/54916/info PBBoard is prone to multiple security vulnerabilities including: 1. Multiple SQL-injection vulnerabilities 2. A security-bypass vulnerability 3. An arbitrary file upload vulnerability Exploiting these issues could allow an attacker to carry out...

CVE-2012-3448

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...

CVE-2012-3448

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...

Design/Logic Flaw

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...

CVE-2012-3448

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...

CVE-2012-3448

CVE-2012-3448 is a remote PHP code execution vulnerability in Ganglia Web prior to 3.5.1. The issue arises from insufficient input sanitization in the Ganglia Web interface, enabling an attacker to execute arbitrary PHP code on the web server. Public sources in the connected set confirm the affec...

CVE-2012-3448

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors...