OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

Joomla Component Mosets Tree 2.1.5 Shell Upload Vulnerability

No description provided by source. Exploit Title: Joomla Component Mosets Tree 2.1.5 Shell Upload Vulnerability Date: 6 September 2010 Author: jdc Software Link: http://www.mosets.com/tree/ Version: 2.1.5 Patched: 2.1.6 Tested on: PHP5, MySQL5 Mosets Tree suffers from a shell upload vulnerabilty...

openx -- remote code execution vulnerability

The OpenX project reported: It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. This vulnerability exists in the file upload functionality and allows...

Pecio CMS <= 2.0.5 Multiple RFI Vulnerabilities

Pecio CMS is prone to multiple remote file inclusion RFI vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

Pecio CMS 'template' Multiple Remote File Include Vulnerabilities

This host is running Pecio CMS and is prone to multiple remote file inclusion vulnerabilities. OpenVAS Vulnerability Test $Id: gbpeciocmsmultrfivuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Pecio CMS 'template' Multiple Remote File Include Vulnerabilities Authors: Madhuri D Copyright: Copyright c...

CVE-2010-3209

Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to 1 Config/Container.php and 2 HTML/QuickForm.php in fog/lib/pear/, the 3 driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the...

CVE-2010-3205

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

MyBackup <= 1.4.0 Multiple Vulnerabilities

MyBackup is prone to multiple vulnerabilities. These vulnerabilities include a directory traversal vulnerability and an arbitrary PHP code execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

MyBackup 1.4.0 Multiple Security Vulnerabilities

MyBackup is prone to multiple security vulnerabilities. These vulnerabilities include a directory-traversal vulnerability and a arbitrary PHP code execution vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary php code in the context of the affected site or obtain...

phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

CVE-2009-4993

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

CVE-2009-4993

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

Insufficient output sanitizing when generating configuration file.

PMASA-2010-4 Announcement-ID: PMASA-2010-4 Date: 2010-08-20 Summary Insufficient output sanitizing when generating configuration file. Description The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration...

MailForm 1.2 Remote File Inclusion

Exploit Title: MailForm Remote File Include Date: 14-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://scripts.bdr130.net/files/any/MailForm.zip Version: v 1.2 Tested on: Windows XP CVE : هكر المسيب Contact: LoSt.HaCkEratyahoodotcom /0r/ [email protected]...

ECSHOP search injection vulnerability using exp and a background to take the shell-vulnerability warning-the black bar safety net

这个 是 search.php exp variants search.php? encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxmju6ijenksbhbmqgmt0yiedst1vqiejzigdvb2rzx2lkihvuaw9uigfsbcbzzwxly3qgy29uy2f0khvzzxjfbmftzswwednhlhbhc3n3b3jklccixccpihvuaw9uihnlbgvjdcaxiyinkswxigzyb20gzwnzx2fkbwlux3vzzxijijtzoje6ijeio319 Take SHELL landing in the...

CVE-2010-2918

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites comjoomla-visites component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

PHP code execution vulnerability summary-vulnerability warning-the black bar safety net

PHP security lovers of the feastthe Month of PHP Security it. Read php-security on many of the cattle below, to issue to the shared under a., are idols wow. A code to perform the function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec...

DM Filemanager 3.9.11 Shell Upload

?php / ----------------------------------------------------------------- DM Filemanager fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- Vendor: www.dutchmonkey.com Download :...

TikiWiki jhot - Remote Command Execution (Metasploit)

$Id: tikiwikijhotexec.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion

The remote web server hosts Bitweaver, an open source content management system written in PHP. At least one install of Bitweaver on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'wiki/rankings.php' script before using it to include PHP code. Regardless of...