PT-2007-2850 · Php · Php Photo Album
Name of the Vulnerable Software and Affected Versions: PHP Photo Album versions prior to 0.3.2.6. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the db file parameter in the common.php file. It is noted that versions 0.3.2.6 and 0.4.1beta do not contain...
CVE-2006-7147
PHP remote file inclusion vulnerability in includes/functionsmoduser.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-1288
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the configinstalldir parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/...
WebCalendar -- "noSet" variable overwrite vulnerability
Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...
Unrestricted file upload
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file...
webspell40-multi.txt
WebSpell Authentication Bypass and arbitrary code execution. Vendor: WebSpell. URL: http://www.webspell.org/ Version: All. Risk: SQL Injection, unchecked file upload. Description: webSPELL is a free Content Management System (CMS) for clans and gaming communities, providing all needed features like...
WebSpell > 4.0 Authentication Bypass and arbitrary code execution
WebSpell Authentication Bypass and arbitrary code execution. Vendor: WebSpell. URL: http://www.webspell.org/ Version: All. Risk: SQL Injection, unchecked file upload. Description: webSPELL is a free Content Management System (CMS) for clans and gaming communities, providing all needed features like...
LoveCMS 1.4 - load Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issu...
LoveCMS 1.4 - step Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issu...
LoveCMS 1.4 - id Cross-Site Scripting
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacke...
LoveCMS 1.4 - 'id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...
LoveCMS 1.4 - 'step' Remote File Inclusion
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...
LoveCMS 1.4 - 'step' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...
Jupiter CMS 1.1.5 Remote File Upload Exploit
No description provided by source. URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = ' http://localhost/jupiter/'; $xpl = new phpsploit; $xpl-agent"Mozilla"; $arr = arrayfrmdturl = $url.'modules/emoticons.php', "a" = 1, "reqfile" =...
Jupiter CMS 1.1.5 - Arbitrary File Upload
URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = ' http://localhost/jupiter/'; $xpl = new phpsploit; $xpl-agent"Mozilla"; $arr = arrayfrmdturl = $url.'modules/emoticons.php', "a" = 1, "reqfile" = arrayfrmdtfilename = "iamaphpfile.php", frmdttype =...
wps1-rfi.txt
Wap Portal Serve 1. = Remote File Inclusion. Affected Software: Wap Portal Server. Vendor: http://www.sakic.net Class ...
CVE-2007-0656
PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-0167
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) configadmin.php, (2) configmain.php, (3) configmember.php, and (4) mysqlconfig.php in config/; (5)...
extreme-fusion 4.02 - Remote Code Execution
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-...