CVE-2007-4007

PHP remote file inclusion vulnerability in index.php in Article Directory Article Site Directory allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

CVE-2007-3980

PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

CVE-2007-3934

PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the pmode parameter...

CVE-2007-3932

uploadimg.php in the Expose RC35 and earlier comexpose component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder...

CVE-2007-3932

uploadimg.php in the Expose RC35 and earlier comexpose component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder...

CVE-2007-3932

CVE-2007-3932 affects the Joomla! Expose component (RC35 and earlier, com_expose) via uploadimg.php. The code fails to exit after detecting non‑JPEG uploads, enabling an unauthenticated attacker to upload and execute arbitrary PHP in the img/ folder (remote code execution). This is supported by t...

Expose for Joomla! File Upload RCE

The Expose component for Joomla!, a third-party component for Flash galleries, running on the remote host is affected by a remote code execution vulnerability within the comexpose/uploadimg.php script due to improper sanitization or verification of uploaded files before placing them in a...

CVE-2007-3813

PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MKPATH parameter...

mycms098-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

mycms-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argcNo new score set"; elseif $score $data $file1 = "snakescore.txt"; $file2 = "snakesetby.txt"; $file1h = fopen$file1, 'w' or die"can't open file"; $file2h = fopen$file2, 'w' or die"can't open file"...

Code injection

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into 1 a score.txt file via the score parameter, or 2 a setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php...

CVE-2007-3587

CVE-2007-3587 affects MyCMS 0.9.8 and earlier. The vulnerability allows remote attackers to gain privileges by exploiting the admin cookie parameter, demonstrated via a POST to admin/settings.php that injects PHP code into settings.inc, which can then be executed by requesting index.php. This des...

CVE-2007-3587

MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php...

MyCMS <= 0.9.8 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " MyCMS = 0.9.8 Remote Command Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Host...

CVE-2007-3544

Unrestricted file upload vulnerability in 1 wp-app.php and 2 app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wppostmeta table and the use of custom fields in normal...

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...

Unrestricted file upload

Unrestricted file upload vulnerability in 1 wp-app.php and 2 app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wppostmeta table and the use of custom fields in normal...

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...

Unrestricted file upload

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...