Page 8 of 46 results (0.011 seconds)

CVSS: 7.5EPSS: 5%CPEs: 11EXPL: 3

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. Vulnerabilidad de envío de archivo no restringido en editor/filemanager/browser/default/connectors/php/connector.php en FCKeditor v2.2 en Falt4 CMS, Nuke ET, y otros productos, lo que permite a atacantes remotos ejecutar codigo a su eleccion mediante la creacion de un fichero con secuencias PHP precedidas de un encabezado ZIP, subiendo este fichero a traves la accion FileUpload, y despues accediendo al fichero a traves de una peticion directa del fichero en UserFiles/File/, probablemente relacionado con CVE-2005-4094. NOTA: Algunos detalles fueron obtenidos de una tercera parte. • https://www.exploit-db.com/exploits/8060 https://www.exploit-db.com/exploits/6783 http://secunia.com/advisories/33973 http://www.securityfocus.com/bid/31812 http://www.vupen.com/english/advisories/2009/0447 https://exchange.xforce.ibmcloud.com/vulnerabilities/48769 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 1%CPEs: 70EXPL: 2

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. Vulnerabilidad de evaluación de variable dinámica en lists/admin.php en phpList v2.10.8 y versiones anteriores, cuando register_globals no está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto de directorio en el parámetro "_SERVER[ConfigFile]" de admin/index.php. • https://www.exploit-db.com/exploits/7778 http://secunia.com/advisories/33533 http://www.bugreport.ir/index_60.htm http://www.securityfocus.com/archive/1/500057/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 69EXPL: 0

phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 http://securityreason.com/securityalert/4901 http://www.phplist.com/?lid=273 http://www.securityfocus.com/archive/1/499218/100/0/threaded http://www.securityfocus.com/bid/32841 https://exchange.xforce.ibmcloud.com/vulnerabilities/47395 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. Vulnerabilidad de cruce de sitios en scripts (XSS) en index.php de phplist 2.10.2 permite a atacantes remotos inyectar scripts WEB o HTML de su elección mediante el parámetro p. NOTA: Esta vulnerabilidad podría sobreponerse con CVE-2006-5321. • https://www.exploit-db.com/exploits/28824 http://secunia.com/advisories/22431 http://securityreason.com/securityalert/1779 http://securitytracker.com/alerts/2006/Oct/1017102.html http://www.securityfocus.com/archive/1/448923/100/100/threaded http://www.securityfocus.com/bid/20577/info http://www.vupen.com/english/advisories/2006/4084 •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phplist anterior a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 http://www.phplist.com/news http://www.securityfocus.com/bid/20483 •