Lucene search
K

5 matches found

NVD
NVD
added 2006/07/12 9:5 p.m.12 views

CVE-2006-3531

includes/editor/insertimage.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified 1 pass and 2 session parameters, and 3 pass and 4 userlevel indices of the a PivotVars o...

7.5CVSS7.1AI score0.09356EPSS
Exploits1References8
CVE
CVE
added 2006/07/12 9:0 p.m.41 views

CVE-2006-3532

Pivot 1.30 RC2 and earlier are affected by a PHP file inclusion vulnerability in includes/edit_new.php when register_globals is enabled. An attacker can supply a FTP URL or full file path in Paths[extensions_path] to execute arbitrary PHP code remotely. The issue enables partial impact to confide...

5.1CVSS7.9AI score0.07889EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2006/07/12 9:0 p.m.19 views

CVE-2006-3532

PHP file inclusion vulnerability in includes/editnew.php in Pivot 1.30 RC2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Pathsextensionspath parameter...

7.6AI score0.07889EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/07/12 9:0 p.m.23 views

CVE-2006-3533

Multiple cross-site scripting XSS vulnerabilities in Pivot 1.30 RC2 and earlier, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 fg, 2 line1, 3 line2, 4 bg, 5 c1, 6 c2, 7 c3, and 8 c4 parameters in a includes/blogroll.php; 9 name and 10...

5.8AI score0.05871EPSS
Exploits1References10
Exploit DB
Exploit DB
added 2006/07/07 12:0 a.m.43 views

Pivot 1.30 RC2 - Privilege Escalation / Remote Code Execution

!/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered byPivot"\n"; echo "version specific: "Powered byPivot - 1.30 RC2"...

7.4AI score
Exploits0
Rows per page
Query Builder