CVE-2010-2099
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
Design/Logic Flaw
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...
Open-AudIT include_lang.php language Parameter Traversal Local File Inclusion
The web server hosts Open-AudIT, an open source network auditing application written in PHP. At least one install of Open-AudIT on the remote host fails to sanitize user-supplied input to the 'language' parameter before using it in 'include_lang.php' to include PHP code. Regardless of PHP's...
hustoj - 'FCKeditor' Arbitrary File Upload
check this out bro = http://www.hack0wn.com/view.php?xroot=1267.0&cat=exploits details..: works with an Apache server with the mod_mime module installed if specific - vulnerable code in path/web/fckeditor/editor/filemanager/connectors/php/config.php // SECURITY: You must explicitly enable this...
CVE-2010-1546
CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...
CVE-2010-1546
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the...
Drupal Panels Module 6.x PHP Code Execution Vulnerability
A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code...
cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload
cardinalCms 1.2 fckeditor Arbitrary File Upload Exploit. Date: 21-05-2010 Author: Ma3sTr0-Dz Location: Algeria Software...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selectedlanguage parameter to engine/inc/include/init.php, (2) the configlangs parameter to engine/inc/help.php, (3) the configlang parameter to...
Snipe Gallery 3.1 - gallery.php?cfg_admin_path Remote File Inclusion
Snipe Gallery 3.1 - gallery.php?cfg_admin_path Remote File Inclusion source: https://www.securityfocus.com/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...
Snipe Gallery 3.1 - 'gallery.php?cfg_admin_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute...
Snipe Gallery 3.1 - image.php?cfg_admin_path Remote File Inclusion
Snipe Gallery 3.1 - image.php?cfg_admin_path Remote File Inclusion source: https://www.securityfocus.com/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include a...
Snipe Gallery 3.1 - 'image.php?cfg_admin_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute...
File Thingie v2.5.5 File Security Bypass
Exploit for php platform in category web applications. File Thingie v2.5.5 File Security Bypass. Title: File Thingie v2.5.5 File Security Bypass Author: Jeremiah Talamantes RedTeam Security Website:...
File Thingie 2.5.5 - File Security Bypass
Title: File Thingie v2.5.5 File Security Bypass Author: Jeremiah Talamantes RedTeam Security Website: http://www.redteamsecure.com/labs Date: 5/15/2010 Application: File Thingie Version: 2.5.5 Link: http://www.solitude.dk/filethingie/download Description: There are security controls in place that...
File Thingie 2.5.5 - File Security Bypass
File Thingie 2.5.5 - File Security Bypass Title: File Thingie v2.5.5 File Security Bypass Author: Jeremiah Talamantes RedTeam Security Website: http://www.redteamsecure.com/labs Date: 5/15/2010 Application: File Thingie Version: 2.5.5 Link: http://www.solitude.dk/filethingie/download Description:...
CVE-2010-1921
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathom parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5)...
PolyPager 1.0rc10 - FCKeditor Arbitrary File Upload
PolyPager 1.0rc10 - FCKeditor Arbitrary File Upload. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team...
PolyPager 1.0rc10 - 'FCKeditor' Arbitrary File Upload
Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team. Vendor:...