CVE-2011-3736
Affected software: ExoPHPDesk 1.2.1. The vulnerability is an information-disclosure flaw where requesting certain PHP files (e.g., upgrades/upgrade9.php and similar) can leak the installation path via an error message. Root cause is exposure of path information in responses, leading to potential ...
CVE-2011-3728
CVE-2011-3728 concerns Dolphin 7.0.4, where remote attackers can obtain sensitive information by requesting a specific PHP file. The vulnerability exposes the installation path in an error message, demonstrated by files such as xmlrpc/BxDolXMLRPCProfileView.php. The issue is an information disclos...
CVE-2011-3719
CVE-2011-3719 — CodeIgniter 1.7.2 information disclosure. The vulnerability allows remote attackers to obtain the installation path by requesting a direct .php file, causing an error message that reveals sensitive path information (as shown by system/scaffolding/views/view.php and related files)...
CVE-2011-3717
CVE-2011-3717 affects ClipBucket 2.0.9. Affected component is server-side PHP files; a remote attacker can trigger a direct request to a PHP file (e.g., plugins/signup_captcha/signup_captcha.php) and cause an error message that reveals the installation path, exposing sensitive information. The de...
CVE-2011-3714
CVE-2011-3714 affects ClanSphere 2010.0. The vulnerability allows remote attackers to obtain sensitive information through a direct request to a .php file (mods/board/attachment.php), causing an error message that reveals the installation path. The provided sources describe this path disclosure, ...
CVE-2011-3708
CVE-2011-3708 affects Automne 4.0.2. A remote attacker can obtain sensitive information via a direct request to a .php file, with the installation path revealed in an error message (shown by admin/page-redirect-info.php). The connected documents confirm the exposure but do not provide exploitatio...
EIN-SOF Solutions Blind SQL Injection
EIN-SOF Solutions BLIND SQL-i Vulnerability ...
WordPress TimThumb Plugin - Remote Code Execution
Exploit for php platform in category web applications Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link:...
CVE-2011-2745
uploadhandler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a writepost action to the...
Amoy Royal Taobao guest security vulnerabilities and fixes-vulnerability warning-the black bar safety net
Official website: http://www.taodisoft.com 1. The demo site's admin back end turned out to have a place to upload pictures, and it does not prohibit uploads. 2. Uploaded images get only simple filtering, which is easy to break; a PHP file can be uploaded and executed. 3. The server VPS configuration is severely weak, get a webshe...
Leading Edge Technology Solutions SQL Injection
Leading Edge Technology Solutions L.E.T.S SQL-i Vulnerability ...
Widespread LizaMoon Web Attacks Push Rogue Antivirus
Security firms are warning about a fast-spreading Web based attack that has been linked to the installation of rogue anti virus products. More than 300,000 Web sites have been compromised in a campaign dubbed “LizaMoon,” and are now serving up malicious links to rogue antivirus products, accordin...
Small Pirate <= 2.3 (avatar) Remote PHP File Execute PoC
Exploit for php platform in category web applications Exploit Title: Small Pirate Content of pwned.txt /home146/sub011/sc78626-TZRV/xxxxxxxxx.org/poc.php VICTIM: 207.182.149.243 info: Mozilla/5.0 X11; U; Linux i686; es-AR; rv:1.9.2.13 Gecko/20101206 Ubuntu/10.04 lucid Firefox/3.6.13 language:...
WordPress Plugin User Photo Component - Arbitrary File Upload
WordPress Plugin User Photo Component - Arbitrary File Upload Exploit Title: WordPress User Photo Component Remote File Upload Vulnerability Google Dork: inurl:"/wp-content/uploads/userphoto/" Date: 17/FEB/2011 Author: ADVtools Software Link: http://wordpress.org/extend/plugins/user-photo/ Versio...
Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:"user/auth/forgot" Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x should work on previous versions but...
Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:"user/auth/forgot" Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: email protected Software Link: http://http://www.socialengine.net Version: Socia...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Arbitrary Code Execution, Path Traversal, Cross-Site Scripting XSS, SQL injection and Information Disclosure. Component Type: TYPO3 Core Affected Versions: 4.2.15 and below, 4.3.8 and below, 4.4.4 and below Vulnerability Types: Arbitrary Cod...
Symantec Endpoint Protection File Overwrite
SUMMARY Symantec Endpoint Protection SEP Manager reporting module allows a php file overwrite from an authorized client that could potentially allow execution of arbitrary code on the server-side. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Endpoint Protection | 11.x |...
Pandora FMS <= 3.1 Mullti Vulnerability
Exploit for php platform in category web applications. Pandora FMS <= 3.1 Mullti Vulnerability. Path Traversal: PHP File Inclusion or RFI/LFI: Remote/Local file inclusion - CVE-2010-4281 - CVE-2010-4282 - CVSS 8.5/10...
Pandora Fms 3.1 - Directory Traversal Local File Inclusion
Pandora Fms 3.1 - Directory Traversal Local File Inclusion + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating...