2592 matches found
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not sufficiently check or sanitize input. When the "allowurlfope...
postnuke v 0.7.0.3 remote command execution
PostNuke is one of the popular content management systems written in PHP. There is a bug in file user.php, line 107, in which a user can append their own value to the $caselist array. foreach $caselist as $k=$v $ModName = $v'module'; include "$vpath/$k"; $caselist = array;...
Bypassing safe mode in PHP
It's possible to bypass the safe mode limitation by using the move_uploaded_file call and MySQL library functions to access files of different users...
twlc-adv-plesk211201.txt
twlc security division 21/12/2001 plesk psa allows reading of .php files Found by: supergate ./twlc Summary: Plesk is a server administrator used by LOTS of web hosting companies to make easy the management of the server. It's a really cool software!! I work with it. This bug allows you to read the...
CGI source code retrieval in Bad Blue
By appending 00 to the name of a PHP or CGI file, it is possible to obtain its source code...
PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access
A version of PHP that is older than 3.0.17 or 4.0.3 is running on this host. If a PHP service that allows users to upload files and then display their content is running on this host, an attacker may be able to read arbitrary files from the server. (C) Tenable Network Security,...
SRADV00001.txt
================================================= Secure Reality Pty Ltd. Security Advisory 1 SRADV00001 http://www.securereality.com.au ================================================= Title Arbitrary file disclosure through PHP file upload Released 04/09/2000 We found this particular issue a...
(SRADV00001) Arbitrary file disclosure through PHP file upload
================================================= Secure Reality Pty Ltd. Security Advisory 1 SRADV00001 http://www.securereality.com.au ================================================= Title Arbitrary file disclosure through PHP file upload Released 04/09/2000 We found this particular issue a...
Vuln. in all sites using PHP-Nuke, versions less than 3
Greetings, PHP-Nuke is a Web Portal System, storytelling software also an automated web site to distribute news and articles with users system. Exploit: ------- The problem is when somebody does a http://example.com/admin.php3?admin=whatever, can have full access as an admin, that means posting...
CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...
PHP file inclusion via insert tags
More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...