416 matches found
Multiple Vulnerabilities In IdealBB ASP Bulletin Board
======================================================================== = CodeScan Advisory, codescan.com [email protected] = = Multiple Vulnerabilities In IdealBB ASP Bulletin Board = = Vendor Website: = http://www.idealscience.com = = Affected Version: = Version 1.5.4a And Earlier = =...
CVE-2006-1363
images.php in Justin White aka YTZ Free Web Publishing System FreeWPS 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...
CVE-2006-1160
Cross-site scripting XSS vulnerability in Easy File Sharing EFS Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file...
ImageVue 0.16.1 - readfolder.php?path Arbitrary Directory Listing
ImageVue 0.16.1 - readfolder.php?path Arbitrary Directory Listing source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content...
ImageVue 0.16.1 - index.php?bgcol Cross-Site Scripting
ImageVue 0.16.1 - index.php?bgcol Cross-Site Scripting source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection...
CVE-2006-0478
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the...
CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP...
Talent network a common problem-a vulnerability warning-the black bar safety net
Today empty down in the visiting talent network. In a matter of habit...so on the fly detection. The program is php,itself due to a PHP injection also not very hanging. So it is looking for a few point of the actuator on the try. Also seems to be no big flower head. On another page it at. Continu...
Fantastic News "category" SQL inj.
Fantastic News "category" SQL inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/fantastic-news-category-sql-inj.html Vendor:www.fscripts.com Product link:http://fscripts.com/free.php?id=1 affected version: 2.1.1 and prior Product description:...
CuteNews 1.4.1 remote code execution
CuteNews 1.4.1 Arbitrary file inclusion / remote code execution exploit software: site: http://cutephp.com/ description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading,...
CVE-2005-1450
Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2004-0534
Cross-site scripting XSS vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document...
CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file...
CVE-2005-0743
The CVE describes an arbitrary PHP file upload flaw in XOOPS 2.0.9.2 and earlier, exploitable via the uploader.php feature because file extensions are not filtered. This allows remote attackers to upload and potentially execute PHP scripts, with impact on confidentiality, integrity, and availabil...
Multiple HP WebJet Admin bugs
Directory traversal, file uploading and execution...
CVE-2003-0950
CVE-2003-0950 affects PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x. The issue allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the directory name (based on system time) used to store the file, and directly requesting that file. The underlyi...