18 matches found
CVE-2023-46677 Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtuname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46677
CVE-2023-46677 affects Online Job Portal v1.0. The vulnerability is described as multiple unauthenticated SQL injection flaws caused by the sign-up.php resource not validating characters in the txt_uname parameter before sending data to the database. The CVSS metrics in the initial document class...
CVE-2023-44824
An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component...
CVE-2022-27133
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
Arbitrary file deletion
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
CVE-2022-27133
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
Code injection
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
MySpeach <= 2.1b (up.php) Remote Inclusion Vulnerability
No description provided by source. Script: MySpeach Affected Version: beta2.1 and maybe older Download: http://www.graphiks.net/scripts/chat/myspeach-2.1beta.zip...
Free Blog 1.0 Shell Upload / Arbitrary File Deletion
Free Blog 1.0 Multiple Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/FreeBlog.txt Software Link: http://blog.sdnex.com/ Tested: Ubuntu 12.04.1 LTS Proof of concept: Arbitrary File Upload Vulnerability http://bastardlabs/blogpath/up.php Shell will be available...
Admin News Tools 2.5 (fichier) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Admin News Tools 2.5 (fichier) Remote File Disclosure Vulnerability...
MySpeach 2.1b - up.php Remote File Inclusion
MySpeach 2.1b - up.php Remote File Inclusion. Script: MySpeach Affected Version: beta2.1 and maybe older Download: http://www.graphiks.net/scripts/chat/myspeach-2.1beta.zip...
MySpeach <= 2.1b (up.php) Remote Inclusion Vulnerability
No description provided by source. Script: MySpeach Affected Version: beta2.1 and maybe older Download: http://www.graphiks.net/scripts/chat/myspeach-2.1beta.zip...
MySpeach <= 2.1b (up.php) Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications. MySpeach <= 2.1b (up.php) Remote Inclusion Vulnerability...
CVE-2006-6389
CVE-2006-6389 and related CVEs describe multiple cross-site scripting (XSS) vulnerabilities in the ac4p Mobile application. The flaws enable remote attackers to inject arbitrary web script or HTML by submitting crafted input to specific parameters: (1) Taaa to up.php and (2) pollhtml and (3) Blok...
ac4p.txt
Discovered : SwEET-DeViL Product: http://www.ac4p.com tame : AL-garnei Saudi Arabia // Vulnerabilities there again this link http://www.securityfocus.com/archive/1/450496/30/0/threaded // \1\ in up.php http://site.com/path/up.php?Taaa=XSS \2\ in polls.php http://site.com/path/polls.php?pollhtml=x...
CVE-2006-5770
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6)...
CVE-2005-1047
Meilad File upload script up.php mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory...
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...