53 matches found
ImpressPages CMS 'actions.php' RCE Vulnerability
ImpressPages CMS is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
osCommerce Online Merchant Remote File Inclusion
Exploit Title: oscommerce-3.0a5 Remote File Inclusion Date: 26-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://www.oscommerce.com/solutions/downloads Version: v 3.0 Tested on: Windows XP CVE : Contact: LoSt.HaCkEratyahoodotcom /0r/ [email protected]...
PPhlogger 2.2.5 Command Execution
PPhlogger 2.2.5 - trace.php Remote Command Execution
PPhlogger 2.2.5 - 'trace.php' Remote Command Execution
MySQL Quick Admin 1.5.5 - Local File Inclusion
MySQL Quick Admin 1.5.5 - Local File Inclusion Author: Vinod Sharma Email: [email protected] Date: 05th Nov, 2008 Note: This information is only for educational purpose, author will not bear responsibility for any damages. Directory traversal vulnerability in MySQL Quick Admin 1.5.5...
MySQL Quick Admin 1.5.5 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. MySQL Quick Admin 1.5.5 Local File Inclusion Vulnerability. Author: Vinod Sharma Date: 05th Nov, 2008 Note: This informati...
MySQL Quick Admin 1.5.5 - Local File Inclusion
Author: Vinod Sharma Email: [email protected] Date: 05th Nov, 2008 Note: This information is only for educational purpose, author will not bear responsibility for any damages. Directory traversal vulnerability in MySQL Quick Admin 1.5.5 allows remote attackers to read and execute...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions...
CVE-2008-4448
CVE-2008-4448 describes a CSRF vulnerability in actions.php of Positive Software H-Sphere WebShell 4.3.10. An attacker can induce an admin to perform unauthorized actions by visiting a crafted link or IMG tag targeting (1) overkill, (2) futils, or (3) edit actions, effectively enabling file delet...
SQL injection
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the username parameter to actions.php, and unspecified other vectors...
CVE-2006-3514
PHP-Blogger 2.2.5 (and possibly earlier) has multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the parameters: name, title, news, description, and sitename. The CVE notes only the presence of XSS w...