60 matches found
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter...
CVE-2012-2208
CVE-2012-2208: Affected software is Piwigo up to version 2.3.3 (pre-2.3.4). Root cause is a directory traversal via the language parameter in upgrade.php, allowing remote attackers to include and execute arbitrary local PHP files. Impact: potential code execution through include() of crafted fil...
CVE-2008-6762
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter...
Server side request forgery (ssrf)
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service application outage, via a direct request...
CVE-2008-6767
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service application outage, via a direct request...
linkbid-sql.txt
Link Bid Script 1.5 Multiple Remote SQL Injection + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Remote SQL Injection - Note : For PoC 2 you need administrative rights. PoC 1 :...
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
CVE-2007-0863
PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to (1) upgrade.php, (2) paintsave.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: this issue has been disputed by reliable third parties, who...
indexu-xss.txt
vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1\| in upgrade.php...
Directory traversal
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter...
CVE-2007-0349
CVE-2007-0349 affects nicecoder.com INDEXU 5.x via upgrade.php. The gateway parameter allows directory traversal (..), enabling remote attackers to include arbitrary local files. This is documented across NVD and CVE records as a directory traversal vulnerability in upgrade.php, with the impact l...
vulnerability script indexu all versions
vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1| in upgrade.php...
CVE-2006-5437
Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party...
CVE-2006-5437
Affected software: phpAdsNew 2.0.8. Issue: directory traversal in upgrade.php due to unsanitized input in phpAds_config[language] parameter, enabling remote attackers to read arbitrary files by supplying a .. payload. Root cause: insufficient input validation in upgrade.php. Impact: potential exp...
PT-2006-6156 · Phpadsnew · Phpadsnew
Name of the Vulnerable Software and Affected Versions: phpAdsNew version 2.0.8 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the phpAds_config[language] parameter in the "upgrade.php" file...
phpAdsNew include bug!
Authors: - Micha wacky Baszczak - Nobody http://iHACK.pl File: modules/phpads/admin/upgrade.php Code: // Load language strings if (file_exists("../language/".$phpAds_config['language']."/default.lang.php")) include("../language/".$phpAds_config['language']."/default.lang.php"); else $phpAds_config['language'] =...
CVE-2005-4174
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration...
CVE-2005-4174
CVE-2005-4174 affects eFiction versions 1.0, 1.1, and 2.0. The issue allows remote attackers to perform unauthorized operations by directly accessing install.php or upgrade.php. It is unclear whether the flaw originates from eFiction itself or from improper system administration (e.g., leftover u...
CVE-2004-0241
CVE-2004-0241 affects X-Cart 3.4.3 (Qualiteam X-Cart). The vulnerability allows remote attackers to execute arbitrary commands by supplying output in the perl_binary parameter in either upgrade.php or general.php. The underlying cause is improper handling of the perl_binary argument, leading to a...