1285 matches found
Design/Logic Flaw
Google Hack Honeypot GHH File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests...
CVE-2008-5283
The CVE concerns Google Hack Honeypot (GHH) File Upload Manager 1.3. The vulnerability enables remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. This is stated in multiple sources, though the exact exploit vectors are not disclosed in the pro...
Goople Cms 1.7 Remote File Upload Vulnerability
Exploit for unknown platform in category web applications =============================================== Goople Cms 1.7 Remote File Upload Vulnerability =============================================== -============================================- Autore: x0r - Evolution Team Cms: Goople Cms 1.7...
CVE-2008-5026
Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting XSS attacks by uploading HTML...
Webshell under to crack computer administrator password-vulnerability warning-the black bar safety net
Information source: evil octal information security team www.eviloctal.com) This idea derived from previous studies runas command when inspired. Method of use: 1, The your password dictionary was renamed into the psw. txt, upload to the target server is an executable, writable directory. It is...
PHP iCalendar 2.24 - cookie_language Local File Inclusion Arbitrary File Upload
PHP iCalendar 2.24 - cookielanguage Local File Inclusion Arbitrary File Upload '.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. el...
Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload
Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload --==+============================================================================+==-- --==+ Sports Clubs Web Panel 0.0.1 Remote File upload +==-- --==+============================================================================+==-- Discovered...
FreeCMS.us 0.2 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / -------------------------------------------------------------- FreeCMS.us 0.2 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- By : Stack Special thnx for : Egix - vulnerable code in...
Debian DSA-1488-1 : phpbb2 - several vulnerabilities
Several remote vulnerabilities have been discovered in phpBB, a web-based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0471 Private messaging allowed cross site request forgery, making it possible to delete all private messages of...
Cross site scripting
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting XSS in uploaded files...
CVE-2008-0381
Technical details for CVE-2008-0381 are not publicly available in the provided documents. No concrete affected versions, root cause, or fixes are specified beyond generic cross-site scripting in uploaded Mahara files. Monitor for updates.
CVE-2008-0381
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting XSS in uploaded files...
Design/Logic Flaw
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving...
CVE-2007-3822
Multiple cross-site scripting XSS vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via 1 the who parameter to showuser; and other vectors involving 2 calendar mode, 3 bulletin board mode, 4 room names, and 5 uploaded file names...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via 1 the who parameter to showuser; and other vectors involving 2 calendar mode, 3 bulletin board mode, 4 room names, and 5 uploaded file names...
CVE-2007-3822
Multiple cross-site scripting XSS vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via 1 the who parameter to showuser; and other vectors involving 2 calendar mode, 3 bulletin board mode, 4 room names, and 5 uploaded file names...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
CVE-2007-3254
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
FTP Server Zipped .ost File Uploaded
Binary data 4066.prm...
Sql injection
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges...