Lucene search
+L

367 matches found

0day.today
0day.today
added 2009/01/01 12:0 a.m.14 views

Memberkit 1.0 Remote PHP File Upload Vulnerability

Exploit for unknown platform in category web applications ================================================== Memberkit 1.0 Remote PHP File Upload Vulnerability ================================================== =================================================================...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/12/19 12:0 a.m.28 views

Mini File Host 1.x Arbitrary PHP File Upload Vulnerability

No description provided by source. --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected] Vulnerability ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/03 12:0 a.m.19 views

Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability

No description provided by source. ========================================================== Kwalbum = 2.0.2 Arbitrary file upload Vulnerabilities ========================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/05/30 12:0 a.m.23 views

cmsscratch-traverse.txt

------------------------------------------------------------------------ CMS from Scratch special THanks to EgiX For founded it :d: Exploit : http://localhost/path/cms/images.php?dir=c: Example : http://localhost/path/cms/images.php?dir=c:WINDOWS/system32/ Exploit 2 : and you can upload php file ...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/01/08 2:46 a.m.3 views

CVE-2007-6668

admin/uploadgames.php in MySpace Content Zone MCZ 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading 1 a .php file and 2 a .php%00.jpeg file...

7.5CVSS5.5AI score0.06356EPSS
Exploits0References5
myhack58
myhack58
added 2007/04/08 12:0 a.m.20 views

Woven dream content management system(DEDECMS 3.the X+4. X upload vulnerability-vulnerability warning-the black bar safety net

Ghost boy note:accurate to say should be DEDECMS used in the php version of FCKeditor there upload vulnerability, the gif89a file header to cheat, did not expect the php version of FCKeditor, even the existence of such a vulnerability, the gif89a file header spoofing is not fresh things. Sources ...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2007/02/24 12:0 a.m.22 views

webspell40-multi.txt

WebSpell Authentication Bypass and arbitrary code execution Vendor : WebSpell URL : http://www.webspell.org/ Version : All Risk : SQL Injection, unchecked file upload Description: webSPELL is a free Content Management System CMS for clans and gaming communities, providing all needed features like...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.75 views

WebSpell > 4.0 Authentication Bypass and arbitrary code execution

WebSpell Authentication Bypass and arbitrary code execution Vendor : WebSpell URL : http://www.webspell.org/ Version : All Risk : SQL Injection, unchecked file upload Description: webSPELL is a free Content Management System CMS for clans and gaming communities, providing all needed features like...

1.2AI score
Exploits0
0day.today
0day.today
added 2006/10/13 12:0 a.m.32 views

cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)

Exploit for unknown platform in category local exploits ================================================================= cPanel cPanel Sorry Safe-mode Is On Script Not Work On This Server "; echo "Powered By Ashiyane Security Corporation www.Ashiyane.ir"; exit; $disablef =...

6.8AI score
Exploits0
NVD
NVD
added 2006/07/18 3:46 p.m.14 views

CVE-2006-3608

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file...

4.6CVSS7.2AI score0.02215EPSS
Exploits1References7
NVD
NVD
added 2006/05/10 2:14 a.m.17 views

CVE-2006-2281

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

7.5CVSS7.7AI score0.01988EPSS
Exploits1References7
CVE
CVE
added 2006/03/23 11:0 a.m.46 views

CVE-2006-1363

The CVE-2006-1363 issue affects Free Web Publishing System (FreeWPS) 2.11 (Justin White/YTZ). A remote attacker can upload a PHP file to the /upload directory via the dirPath parameter and then access that file to execute arbitrary PHP code, enabling remote code execution. Impact is partial confi...

7.5CVSS7.5AI score0.02793EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.7 views

security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

7.5CVSS6.9AI score0.65512EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2005/10/18 12:0 a.m.32 views

wagora420_xpl.txt

W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/02/13 5:0 a.m.27 views

CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...

7.4AI score0.01687EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.17 views

CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...

4.6CVSS7.4AI score0.01687EPSS
Exploits1References6
0day.today
0day.today
added 2004/12/22 12:0 a.m.81 views

e107 include() Remote Exploit

Exploit for unknown platform in category web applications ============================= e107 include Remote Exploit ============================= | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an...

7.1AI score
Exploits0
NVD
NVD
added 2004/12/06 5:0 a.m.14 views

CVE-2004-0613

osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...

7.5CVSS7.5AI score0.09869EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2004/10/01 12:0 a.m.33 views

phpPOC.txt

PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if isuploadedfile$FILES'userfile''tmpname' && moveuploadedfile$FILES'userfile''tmpname', $uploadfile print "File is valid, and was successfull...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.37 views

PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload

The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...

2.1CVSS8.3AI score0.00577EPSS
Exploits0References1
Rows per page
Query Builder