The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an Core Impact agent, creates a php file to execute the agent and then makes a request to the file. The result is an Core Impact agent running on the webserver.
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
This vulnerability abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
This module exploits a vulnerability in bash when the vulnerable bash version is used to run a CGI page.
This module exploits a vulnerability in bash when the vulnerable bash version is used to run a CGI page.
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Unspecified input is not properly sanitised before being returned to the user via a "standard_error_message" template. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 2.12.2, 2.11.5 and 2.10.21. Other versions may also be affected. Once the vulnerability is confirmed by Core Impact, if you want to check this exploit manually, replace the "REPLACE" keyword with "%80".
XAMPP suffers from multiple XSS issues in several scripts that use the 'PHP_SELF' variable. The vulnerabilities can be triggered in the 'xamppsecurity.php', 'cds.php' and 'perlinfo.pl' because there isn't any filtering to the mentioned variable in the affected scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
This vulnerability results from an unsanitized input that can be crafted into an attack by manipulating the 'mode' parameter of the xml/media-rss.php script of NextGen Gallery plugin installation. Version 1.5.1 is verified as vulnerable. Older versions are probably affected too, but they were not tested at this time. Currently only Internet Explorer (version 6,7 and 8 with XSS filter disabled) is verified as vulnerable. This is due to the fact that this browser sets the content-type of a document by parsing the content the webserver returns, instead of obeying the proper headers of the document.
Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.2.4. Other versions may be affected.