5 matches found
CVE-2007-5278
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving...
CVE-2007-5278
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving...
CVE-2007-5230
admin/uploadfiles.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231...
Design/Logic Flaw
admin/uploadfiles.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231...
CVE-2007-5230
CVE-2007-5230 concerns Zomplog 3.8.1 and earlier where admin/upload_files.php does not require administrative credentials, enabling remote attackers to perform administrative actions via a direct request. This is linked to CVE-2007-5231, which describes an unrestricted file upload vulnerability i...