what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

e107 Avatar/Photograph Image File Upload
Posted Apr 20, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to compromise a vulnerable system. An error exists in the handling of file uploads for avatar and photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with a ".php.filetypesphp" extension. Successful exploitation requires that "Public Uploads" are disabled (default), but uploads for avatar or photograph images for users are enabled, and a certain server configuration (e.g. an Apache server with the "mod_mime" module installed).e107 version 0.7.19 is affected.

tags | advisory, arbitrary, php, file upload
advisories | CVE-2010-0996
MD5 | 1e2696225eb0f79c8c7766a843173f9f
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Venmo Transaction Scraped In Privacy Warning To Consumers
Posted Jun 18, 2019

tags | headline, privacy, bank, cybercrime, data loss, fraud, flaw, paypal
Facebook Launches Cryptocurrency To Shake Up Global Finance
Posted Jun 18, 2019

tags | headline, bank, facebook, cryptography
US And Russia Clash Over Power Grid Hack Attacks
Posted Jun 18, 2019

tags | headline, government, usa, russia, cyberwar, scada
Smash GandCrab Tool Released To Decrypt Ransomware
Posted Jun 18, 2019

tags | headline, malware, cybercrime, fraud, cryptography
Hacker Conference Speaker Axed Over Abortion Views
Posted Jun 17, 2019

tags | headline, government, usa, conference
Exposed Database Dumps PII Of 1.6 Million Job Seekers
Posted Jun 17, 2019

tags | headline, privacy, database, data loss
Telegram DDoS Attack Launched Mostly From China
Posted Jun 17, 2019

tags | headline, china, denial of service, social
U.S. Defense, Intelligence Ramps Up Efforts To Insert Malware In Russia's Grid
Posted Jun 17, 2019

tags | headline, government, usa, russia, cyberwar, scada
Evernote Critical Flaw Opened Personal Data Of Millions To Attack
Posted Jun 14, 2019

tags | headline, privacy, flaw, chrome
Spirit Confirms ASCO Industries Cyberattack
Posted Jun 14, 2019

tags | headline, malware, fraud
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close