JIKI Team

CVE-2008-1866 EXPLOITDB text WRITEUP

PixelMotion - RCE

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.

View Code

CVE-2008-1857 EXPLOITDB text WORKING POC

Make our Life Easy Mole <2.1.0 - Path Traversal

Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.

View Code