WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/63523/info The This Way Theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload...
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
source: https://www.securityfocus.com/bid/61746/info CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server...
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
source: https://www.securityfocus.com/bid/61026/info phpVibe is prone to an information-disclosure vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to obtain potentially sensitive information or execute malicious PHP code in the context of the w...
Atomy Maxsite - index.php Arbitrary File Upload
source: https://www.securityfocus.com/bid/60859/info Atomy Maxsite is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can...
WordPress WP FileManager Plugin - Arbitrary File Download
WP FileManager is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files within the context of the web server process. Solution: Update the plugin...
Fork CMS - js.php Local File Inclusion
source: https://www.securityfocus.com/bid/59298/info Fork CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in...
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
source: https://www.securityfocus.com/bid/58431/info KindEditor is prone to multiple remote file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload arbitrary...
PHPBoost - Arbitrary File Upload / Information Disclosure
source: https://www.securityfocus.com/bid/58432/info PHPBoost is prone to an information disclosure vulnerability and an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files in...
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
source: https://www.securityfocus.com/bid/58431/info KindEditor is prone to multiple remote file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload arbitrary code and run it in the context of the web server process...
ezStats for Battlefield 3 - ezStats2compare.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/57759/info ezStats for Battlefield 3 is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. An attacker may leverage...
ezStats2 - style.php Local File Inclusion
source: https://www.securityfocus.com/bid/57757/info ezStats2 is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view...
WordPress Shopping Cart Plugin Multiple Vulnerabilities
WordPress Shopping Cart Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
MotoCMS - admin/data/users.xml Access Restriction Information Disclosure
source: https://www.securityfocus.com/bid/57055/info MotoCMS is prone to a file-disclosure and an arbitrary file-upload vulnerability. An attacker can exploit these issues to upload a file and view local files in the context o...
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
source: https://www.securityfocus.com/bid/57055/info MotoCMS is prone to a file-disclosure and an arbitrary file-upload vulnerability. An attacker can exploit these issues to upload a file and view local files in the context of the web server process, which may aid in further attacks. MotoCMS 1.3...
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
source: https://www.securityfocus.com/bid/56777/info The Zingiri Forums plugin for WordPress is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the...
Joomla! Component com_bit - Controller Local File Inclusion
source: https://www.securityfocus.com/bid/56995/info The Bit Component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to...
Joomla! Component com_bit - 'Controller' Local File Inclusion
source: https://www.securityfocus.com/bid/56995/info The Bit Component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitra...
ATutor 2.1 - tool_file Local File Inclusion
source: https://www.securityfocus.com/bid/56600/info ATutor is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts i...
WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion
source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive...
YingZhiPython - Directory Traversal Arbitrary File Upload
source: https://www.securityfocus.com/bid/55685/info An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process. YingZhiPython 1.9 is vulnerable;...