
58 matches found

BDU FSTEC
added 2019/06/14 12:0 a.m. | 1 views

The vulnerability in the “One Portal for Housing Fund Monitoring” platform, related to insufficient verification of the types of uploaded files, allows an attacker to execute arbitrary code.

The vulnerability in the “One Portal for Housing Fund Monitoring” platform is related to insufficient verification of the types of files being uploaded. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by uploading a specially crafted php file with the extensi...

CVSS 9 | AI score 6
Exploits 0
CNVD
added 2018/08/17 12:0 a.m. | 1 views

DamiCMS has an arbitrary file write vulnerability

DamiCMS is a content management system (CMS) for building websites quickly. DamiCMS v6.0.0 has an arbitrary file write vulnerability, which stems from the template editing page failing to strictly check the file name suffix; an attacker can exploit the vulnerability to write...

AI score 7.5
Exploits 0
Prion
added 2018/07/16 2:29 p.m. | 16 views

Remote code execution

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related t...

CVSS 7.5 | AI score 9.9 | EPSS 0.36699
Exploits 5 | References 3 | Affected Software 1
CNVD
added 2018/05/15 12:0 a.m. | 1 views

PrestaShop Attribute Wizard addon code execution vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop. The program provides a variety of payment methods, SMS alerts, product image scaling and other features. Attribute Wizard addon is one of its product attribute add-on modules. A security vulnerability exists in the...

CVSS 9.8 | AI score 9.6 | EPSS 0.85677
Exploits 1 | References 1
OSV
added 2017/11/12 6:29 p.m. | 4 views

CVE-2017-16798

In CMS Made Simple 2.2.3.1, the isfileacceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
OSV
added 2017/07/28 5:29 a.m. | 0 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

CVSS 9.8 | AI score 6.1 | EPSS 0.00851
Exploits 1 | References 1
Prion
added 2017/07/28 5:29 a.m. | 13 views

Code injection

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

CVSS 6.5 | AI score 9.4 | EPSS 0.00851
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2017/07/28 5:0 a.m. | 12 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

AI score 9.5 | EPSS 0.00851
Exploits 1 | References 1
CNVD
added 2017/07/26 12:0 a.m. | 2 views

File Upload Vulnerability in MetInfo System

MetInfo is a content management system (CMS) developed using PHP and MySQL. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program blocking only the .php extension and failing to block related extensions. A remote attacke...

CVSS 9.8 | AI score 9.8 | EPSS 0.00851
Exploits 1
Openbugbounty
added 2017/04/26 8:34 p.m. | 13 views

forumsirius.fr XSS vulnerability

Vulnerable URL: http://www.forumsirius.fr/orion/mc2.phtml?session=7dcraurb0d3csc19b7rs1lpmj2="--!"

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 21.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 148207
VIP website status: | No

Che...

AI score 6.3
Exploits 0
CNVD
added 2017/02/16 12:0 a.m. | 2 views

Dotclear Arbitrary PHP Code Execution Vulnerability

Dotclear is free PHP and MySQL-based blog publishing software developed by Olivier Meunier. A security vulnerability exists in the inc/core/class.dc.core.php file in versions of Dotclear prior to 2.8.2. A remote attacker can exploit this vulnerability by uploading a file...

CVSS 8.8 | AI score 7.5 | EPSS 0.00922
Exploits 1 | References 1
NVD
added 2014/06/11 2:55 p.m. | 16 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS 6 | AI score 7.2 | EPSS 0.00829
Exploits 2 | References 6
Prion
added 2014/06/11 2:55 p.m. | 23 views

Input validation

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS 6 | AI score 7.8 | EPSS 0.00829
Exploits 2 | References 6 | Affected Software 1
UbuntuCve
added 2014/06/11 2:55 p.m. | 20 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...

CVSS 6 | AI score 6.2 | EPSS 0.00829
Exploits 2 | References 1
seebug.org
added 2009/04/21 12:0 a.m. | 20 views

Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities

No description provided by source. Author: girex Homepage: girex.altervista.org Date: 17/04/2009 CMS: flatnux-2009-03-27 site: flatnux.altervista.org Bugs: Multiple remote vulnerabilities Flatnux suffers of multiple local file inclusions: output of my scanner Line: 10 File:...

AI score 7.1
Exploits 0
0day.today
added 2009/04/20 12:0 a.m. | 13 views

Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. Flatnux 2009-03-27 Upload/ID Multiple Remote Vulnerabilities. Author: girex Date: 17/04/2009 CMS: flatnux-2009-03-...

AI score 7.1
Exploits 0
Packet Storm
added 2007/01/07 12:0 a.m. | 21 views

uberupload.txt

Uber Uploader 4.2 Arbitrary File Upload Vulnerability | Gamma Security Team | www.nullak.com | www.gammahack.com | Discovered: Null | Official Site: http://sourceforge.net/projects/uber-uploader | Download...

AI score 7.4
Exploits 0
securityvulns
added 2007/01/06 12:0 a.m. | 47 views

Uber Uploader 4.2 Arbitrary File Upload Vulnerability

Uber Uploader 4.2 Arbitrary File Upload Vulnerability | Gamma Security Team | www.nullak.com | www.gammahack.com | Discovered: Null | Official Site: http://sourceforge.net/projects/uber-uploader | Download...

AI score 0.5
Exploits 0