7206 matches found
CVE-2011-0635
CVE-2011-0635 affects Simploo CMS 1.7.1 and earlier. The vulnerability is a static code injection flaw where remote authenticated users can inject arbitrary PHP into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation of index.php. ...
HDWiKi V 5.0 local contains 0Day-vulnerability warning-the black bar safety net
Vulnerable file: \install\install.php Key code: <?php error_reporting(E_ERROR | E_WARNING | E_PARSE); define('INHDWIKI', TRUE); define('HDWIKIROOT', '../'); $langname=$_COOKIE['langname']; /* langname is taken directly from the cookie without any filtering */ if(isset($_REQUEST['lang'])) /* Detect whether the variable is...
Simploo CMS Community Edition - Remote PHP Code Execution Issue
Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CMS 1.7.1 and...
Simploo CMS 1.7.1 PHP Code Execution
Exploit for php platform in category web applications Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits...
Simploo CMS 1.7.1 - PHP Code Execution
Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of...
Simploo CMS 1.7.1 - PHP Code Execution
Simploo CMS 1.7.1 - PHP Code Execution Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits =============...
Design/Logic Flaw
Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...
CVE-2010-4537
CVE-2010-4537 affects CrawlTrack before 3.2.7. The provided documents indicate a remote code execution risk where an attacker could cause arbitrary PHP code execution when a public stats page is accessible, via unknown vectors. The root cause and exact vulnerable component/file aren’t detailed in...
CVE-2010-4537
Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
MantisBT 'db_type' Parameter Local File Inclusion
The MantisBT install on the remote host fails to sanitize user input to the 'db_type' parameter of the 'admin/upgradeunattended.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated attacker can exploit this...
Code injection
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification Trojan Horse in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...
CVE-2010-4558
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification Trojan Horse in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...
JE Messenger 1.0 Arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Publishing author: Salvatore Fresta aka Drosophila Official website: joomlaextensions.co.in Vulnerability type: file upload Vulnerability description: Because of an error in the program's save function, compose.php allows registered users to upload files with any extension. For a valid file...
eclime index.php ref Parameter SQL Injection
The version of eclime hosted on the remote web server fails to sanitize input to the 'ref' parameter of the 'index.php' script before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated remote attacker can leverage this issue to manipulate SQL queries an...
JE Messenger 1.0 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications ==================================================== JE Messenger 1.0 Arbitrary File Upload Vulnerability ==================================================== JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor...
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-09 X. INDEX I. ABOUT THE APPLICATIO...
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gma...
Abtp Portal Project 1.0 Local File Inclusion
#!/usr/bin/perl =about Name : Abtp Portal Project The variable $ABTPVBLOQUECENTRAL was not correctly stated, thus enabling an attacker to include malicious files or read files from the system. If...
Pulse CMS Basic Local File Include Vulnerability
Pulse CMS Basic is prone to a local file-include vulnerability. An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system;...