7206 matches found
Portaneo Portal v2.2.3 Remote Arbitrary file upload exploit
Exploit for php platform in category web applications...
CVE-2010-1528
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter...
In-portal 5.0.3 Arbitrary File Upload
Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team. Developers:...
In-portal 5.0.3 - Arbitrary File Upload
Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team...
CVE-2009-4793
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file v...
CVE-2010-1153
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable...
Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability
Secunia Research 19/04/2010 - e107 Avatar/Photograph Image File Upload Vulnerability. Table of Contents: Affected...
Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications. <?php /...
e107 -- code execution and XSS vulnerabilities
Secunia Research reported two vulnerabilities in e107: The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the "contentheading" parameter correctly and is therefore vulnerable to a cross site scripting attack. The second vulnerabilit...
CVE-2010-1360
CVE-2010-1360 affects FAQEngine 4.24.00. It involves multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by supplying a URL in the path_faqe parameter to any of 13 PHP entry points (attachs.php, backup.php, badwords.php, categories.php, changepw...
CVE-2010-1360
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9)...
Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability
Secunia Research 08/04/2010 - Pulse CMS Arbitrary File Upload Vulnerability. Table of Contents: Affected...
Discuz! 7.0 and below: getting a webshell from the admin backend - vulnerability warning - the black bar safety net
You don't need the founder account, but you do need an administrator. http://www.fuck.com/admincp.php?action=styles&operation=edit&id=1&adv=1 Below there is a "custom template variables" field; fill in the variable with: PHP code 1. OLDJUN', '9 9 9';eval$POSTcmd;// Replace the contents with whatever input: 1 1...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3)...
Gravity GTD rpc.php Malformed objectname Parameter (CVE-2008-5962; CVE-2008-5963)
Gravity GTD is an open source list manager for tracking action items according to the principles of Getting Things Done (GTD). There exist multiple vulnerabilities in Gravity GTD. One attack vector could allow remote attackers to conduct directory traversal attacks and possibly read or write...
CVE-2010-1266
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to...
FreephpWebsiteSoftware 1.0 Remote File Include Vulnerability
Exploit for php platform in category web applications...
SQL Injection Vulnerability in PhotoPost vBGallery 2.5
Product Information: PhotoPost vBGallery is a popular commercial Image Gallery Add-on for vBulletin which is being developed by All Enthusiasts, Inc. http://www.photopost.com Description: PhotoPost vBGallery 2.5 allows the user to modify gallery settings for his...
phpaaCMS V0.3 injection vulnerabilities - vulnerability warning - the black bar safety net
H4ckx7's Blog. I came across a PHP site by accident. Since I know very little PHP and my skills are sloppy, I only took a quick look: it runs phpaaCMS, not a large-scale CMS. Out of habit I appended a "'" and, to my surprise, it threw an error! You have an error in your SQL syntax; check the manual that corresponds...