367 matches found
Memberkit 1.0 Remote PHP File Upload Vulnerability
Exploit for unknown platform in category web applications ================================================== Memberkit 1.0 Remote PHP File Upload Vulnerability ================================================== =================================================================...
Mini File Host 1.x Arbitrary PHP File Upload Vulnerability
No description provided by source. --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected] Vulnerability ...
Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability
No description provided by source. ========================================================== Kwalbum = 2.0.2 Arbitrary file upload Vulnerabilities ========================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...
cmsscratch-traverse.txt
------------------------------------------------------------------------ CMS from Scratch special THanks to EgiX For founded it :d: Exploit : http://localhost/path/cms/images.php?dir=c: Example : http://localhost/path/cms/images.php?dir=c:WINDOWS/system32/ Exploit 2 : and you can upload php file ...
CVE-2007-6668
admin/uploadgames.php in MySpace Content Zone MCZ 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading 1 a .php file and 2 a .php%00.jpeg file...
Woven dream content management system(DEDECMS 3.the X+4. X upload vulnerability-vulnerability warning-the black bar safety net
Ghost boy note:accurate to say should be DEDECMS used in the php version of FCKeditor there upload vulnerability, the gif89a file header to cheat, did not expect the php version of FCKeditor, even the existence of such a vulnerability, the gif89a file header spoofing is not fresh things. Sources ...
webspell40-multi.txt
WebSpell Authentication Bypass and arbitrary code execution Vendor : WebSpell URL : http://www.webspell.org/ Version : All Risk : SQL Injection, unchecked file upload Description: webSPELL is a free Content Management System CMS for clans and gaming communities, providing all needed features like...
WebSpell > 4.0 Authentication Bypass and arbitrary code execution
WebSpell Authentication Bypass and arbitrary code execution Vendor : WebSpell URL : http://www.webspell.org/ Version : All Risk : SQL Injection, unchecked file upload Description: webSPELL is a free Content Management System CMS for clans and gaming communities, providing all needed features like...
cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
Exploit for unknown platform in category local exploits ================================================================= cPanel cPanel Sorry Safe-mode Is On Script Not Work On This Server "; echo "Powered By Ashiyane Security Corporation www.Ashiyane.ir"; exit; $disablef =...
CVE-2006-3608
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
CVE-2006-1363
The CVE-2006-1363 issue affects Free Web Publishing System (FreeWPS) 2.11 (Justin White/YTZ). A remote attacker can upload a PHP file to the /upload directory via the dirPath parameter and then access that file to execute arbitrary PHP code, enabling remote code execution. Impact is partial confi...
security flaw
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...
wagora420_xpl.txt
W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...
CVE-2004-1448
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...
CVE-2004-1448
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...
e107 include() Remote Exploit
Exploit for unknown platform in category web applications ============================= e107 include Remote Exploit ============================= | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an...
CVE-2004-0613
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...
phpPOC.txt
PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if isuploadedfile$FILES'userfile''tmpname' && moveuploadedfile$FILES'userfile''tmpname', $uploadfile print "File is valid, and was successfull...
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...