19 matches found
EUVD-2016-7536
Malware in sbrugna...
CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument fileupload leads to unrestricted upload. It is possible to initiate the attack remotel...
CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument fileupload leads to unrestricted upload. It is possible to initiate the attack remotel...
SUSE CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2017-20157
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to...
phpMyAdmin 4.4.0 < 4.4.15.1 / 4.5.0 < 4.5.1 Content Spoofing (PMASA-2015-5)
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.1 or 4.5.x prior to 4.5.1. It is, therefore, affected by a content spoofing vulnerability. - The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x...
YUNUCMS v1.0.7 Code Execution Vulnerabilities in controller\Wap.php and controller\Url.php Pages
YUNUCMS is an enterprise website management system, a professional marketing-oriented site-building system built on PHP and MySQL. A code execution vulnerability exists in the YUNUCMS controller\Wap.php and controller\Url.php pages. An attacker can exploit the...
GLink Word Link Script 1.2.3 - SQL Injection
GLink Word Link Script 1.2.3 - SQL Injection Exploit Title: GLink Word Link Script v1.2.3 - SQL Injection Google Dork: N/A Date: 22.03.2017 Vendor Homepage: http://www.tufat.com/ Software: http://www.tufat.com/wp-content/uploads/sites/4/2015/zips/script131.zip Demo:...
DEBIAN-CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2015-7873
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter...
CVE-2014-9219
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter...
php-Charts url.php Remote PHP Code Execution
The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...
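php-Charts 'url.php' Arbitrary PHP Code Execution Vulnerability
BUGTRAQ ID: 57448 php-Charts is a PHP charting and graphing component that renders dynamic, data-driven HTML5 charts for web applications. php-Charts 1.0 and other versions do not properly validate the GET parameter values in wizard/url.php, which are used in an "eval" call, and this can be exploited to execute arbitrary PHP code. Affected: php-Charts 1.x. Vendor patch: php-Charts: the vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://phpchart.net/...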
phpMyAdmin < 3.3.10.1 / 3.4.1 Multiple Vulnerabilities (PMASA-2011-03 - PMASA-2011-04)
The remote host contains a version of phpMyAdmin - 3.3.x less than 3.3.10.1 or 3.4.x less than 3.4.1 - that is affected by multiple vulnerabilities: - The scripts 'tbllinks.php' and 'tbl-tracking' fail to filter input to the 'table' and 'db' parameters. An attacker may be able to exploit this iss...
CVE-2007-5984
The CVE-2007-5984 issue affects Justin Hagstrom AutoIndex PHP Script prior to 2.2.4. A crafted %00 sequence in the dir parameter to index.php triggers an erroneous recursive calculation, leading to a denial of service (high CPU and memory consumption). The vulnerability is remote and does not spe...
CVE-2007-5984
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."...