1596 matches found
Phpwind7.5 Admin Backend Local File Inclusion Vulnerability
File: hack\rate\admin.php Source code: <?php !function_exists('readover') && exit('Forbidden'); define("HR", RP . "hack/rate/"); define("LR", RP . "lib/"); InitGP(array('ajax')); $action = strtolower($job ? $job : "admin"); $filepath = HR . "action/" . $action . "Action.php"; !file_exists($filepath) && exit; if $jo...
Simple PHP Guestbook 1.0 Administrative Access
Vendor: http://www.simplephpguestbook.com/ Version: 1.0 Tested on: Windows and Linux -------------------------------------- Simple PHP Guestbook Remote Admin Access Exploit Created by Sora + contact: vhr95zw at hotmail.com Description: Simple PHP Guestbook suffers from a remote access in the guestboo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4446
Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4446
CVE-2009-4446 describes an XSS in phpInstantGallery 1.1 (admin.php) exploitable via PATH_INFO. Exploitation by remote attackers is possible without authentication; impacts include partial integrity breach and no confidentiality/availability effects per CVSS (Base 4.3, MEDIUM). Connected document...
Directory traversal
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter...
CVE-2009-4205
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter...
CVE-2009-4205
Flashlight Free Edition (
CVE-2009-4121
CVE-2009-4121 refers to multiple CSRF vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4. The flaws allow remote attackers to hijack an administrator's authenticated session to perform actions such as (1) deleting web pages via a p-delete action to admin.php, and possibly (2) deleting produ...
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
No description provided by source. An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt...
WordPress 2.0 2.7.1 - admin.php Module Configuration Security Bypass
WordPress 2.0 2.7.1 - admin.php Module Configuration Security Bypass An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt...
Skybluecanvas 1.1 r237 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/44225/info SkyBlueCanvas is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
QuickCart 3.x xss xsrf Local File Inclusion Directory Traversal
No description provided by source. DISCOVERED: Paweł 'kl3ryk' Łaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates from bad directory and then thr...
CVE-2008-7221
RunCMS 1.6.1 is affected by a CSRF vulnerability that lets remote attackers hijack administrator sessions by sending crafted requests to system/admin.php, enabling (1) addition of new administrators or (2) modification of user profiles. The vulnerability is triggered through authenticated admin a...
CVE-2008-7171
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to showphoto.php, (2) potd parameter to showpotd.php, or (3) the Current question field in a vote action to admin.php...
CVE-2008-7171
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to showphoto.php, (2) potd parameter to showpotd.php, or (3) the Current question field in a vote action to admin.php...
Fedora Core 11 FEDORA-2009-8529 (wordpress-mu)
The remote host is missing an update to wordpress-mu announced via advisory FEDORA-2009-8529. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) ...
Fedora Core 10 FEDORA-2009-8538 (wordpress-mu)
The remote host is missing an update to wordpress-mu announced via advisory FEDORA-2009-8538. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) ...
TBDev2 SQL Injection / Remote File Inclusion
TBDev2 Blind SQL Inj3ct0r + RFI Exploit ...
Fedora 11 : wordpress-mu-2.8.4a-1.fc11 (2009-8529)
Update spans MU-versions for the following security releases from upstream: http://wordpress.org/development/2009/08/2-8-4-security-release/ http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/ - Backport of XSS fixes from WordPress 2.8.2 Backport of security fixes for...