5 matches found
CVE-2006-3531
includes/editor/insertimage.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified 1 pass and 2 session parameters, and 3 pass and 4 userlevel indices of the a PivotVars o...
CVE-2006-3532
Pivot 1.30 RC2 and earlier are affected by a PHP file inclusion vulnerability in includes/edit_new.php when register_globals is enabled. An attacker can supply a FTP URL or full file path in Paths[extensions_path] to execute arbitrary PHP code remotely. The issue enables partial impact to confide...
CVE-2006-3532
PHP file inclusion vulnerability in includes/editnew.php in Pivot 1.30 RC2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Pathsextensionspath parameter...
CVE-2006-3533
Multiple cross-site scripting XSS vulnerabilities in Pivot 1.30 RC2 and earlier, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 fg, 2 line1, 3 line2, 4 bg, 5 c1, 6 c2, 7 c3, and 8 c4 parameters in a includes/blogroll.php; 9 name and 10...
Pivot 1.30 RC2 - Privilege Escalation / Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered byPivot"\n"; echo "version specific: "Powered byPivot - 1.30 RC2"...