
1439 matches found

securityvulns
added 2007/03/10 12:0 a.m., 43 views

wwwpaintboar(newsfile) Remote File Inclusion Vulnerability

wwwpaintboarnewsfile Remote File Inclusion Vulnerability ----------------------------------------------------------- Version : 1.0 Website URL: http://phpforge.oirac.com/ ----------------------------------------------------------- Discovered by sawxyz sasan XIII Security Researcher Gr33tZ t0 :Snake...

AI score: 1.2
Exploits: 0

seebug.org
added 2007/02/28 12:0 a.m., 12 views

vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit

No description provided by source. ?php printr' ----------------------------------------------------------------------------- vBulletin = 3.6.4 inlinemod.php "postids" sql injection / privilege escalation by session hijacking exploit by rgod mail: retrog at alice dot it site:...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2007/02/15 12:0 a.m., 22 views

Fedora Core 6 : kernel-2.6.19-1.2911.fc6 (2007-226)

CVE-2006-0007: The key serial number collision avoidance code in the keyallocserial function in Linux kernel 2.6.9 up to 2.6.20 allows remote attackers to cause a denial of service crash via vectors that trigger a null dereference, as originally reported as 'spinlock CPU recursion.' Update to lin...

CVSS: 9.3, AI score: 5.5, EPSS: 0.19519
Exploits: 0, References: 1

securityvulns
added 2007/02/01 12:0 a.m., 37 views

Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit

----------------------------------------------- Phpbb Tweaked phpbbrootpath Remote File Include Exploit ----------------------------------------------- Author: xoron xoron.biz - xoron.info ----------------------------------------------- Code: includeonce $phpbbrootpath...

AI score: 0.4
Exploits: 0

CERT
added 2007/01/31 12:0 a.m., 37 views

PGP Desktop service fails to validate user supplied data

Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...

CVSS: 7.1, AI score: 6.8, EPSS: 0.05133
Exploits: 0, References: 5

NVD
added 2007/01/09 2:28 a.m., 21 views

CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

CVSS: 9.3, AI score: 7.3, EPSS: 0.04696
Exploits: 0, References: 10

securityvulns
added 2007/01/05 12:0 a.m., 50 views

Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability

+------------------------------------------------------------------------------------------- + Aratix = 0.2.2b11 inc/init.inc.php Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Vendor ............:...

AI score: 0.9
Exploits: 0

exploitpack
added 2006/12/19 12:0 a.m., 16 views

PHP-Update 2.7 - extract() Authentication Bypass Shell Injection

PHP-Update 2.7 - extract Authentication Bypass Shell Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont+...

AI score: 0.9
Exploits: 0

0day.today
added 2006/12/19 12:0 a.m., 29 views

phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications ================================================================== phpProfiles + include/account.inc.php, lines 09: include"$incpath/footer.inc.php"; + include/index.inc.php, lines 05: include"$incpath/adminerr.inc.php"; + ... see below fo...

AI score: 7.1
Exploits: 0

securityvulns
added 2006/10/30 12:0 a.m., 58 views

PLS-Bannieres 1.21 (bannieres.php) File Include

PLS-Bannieres 1.21 bannieres.php File Include Source Code: ftp://ftp1.comscripts.com/PHP/1959ban01-01.zip Vulnerable Code: modules/bannieres/bannieres.php In Line 13 : include "$chemin/includes/connexion.php" ; Exploit :...

AI score: 1.1
Exploits: 0

securityvulns
added 2006/09/28 12:0 a.m., 149 views

net2ftp: a web based FTP client :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + net2ftp: a web based FTP client : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: net2ftp: a web based FTP client + Vendor ...........:...

AI score: 0.2
Exploits: 0

securityvulns
added 2006/09/28 12:0 a.m., 30 views

Comdev Events Calendar 3.1 :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + Comdev Events Calendar 3.1 : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev Events Calendar 3.1 + Vendor ...........: http://www.comdevweb.co...

AI score: 0.2
Exploits: 0

securityvulns
added 2006/09/28 12:0 a.m., 30 views

Comdev Photo Gallery 3.1 :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + Comdev Photo Gallery 3.1 : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev Photo Gallery 3.1 + Vendor ...........: http://www.comdevweb.com +...

AI score: 0.2
Exploits: 0

Cvelist
added 2006/08/29 12:0 a.m., 34 views

CVE-2006-4433

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier PHPSESSID for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session...

AI score: 6.7, EPSS: 0.01843
Exploits: 0, References: 7

Packet Storm
added 2006/08/17 12:0 a.m., 25 views

phpauction21.txt

+-------------------------------------------------------------------- + + PHPAuction 2.1 with phpAdsNew 2.0.5 Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: PHPAuction 2.1 maybe higher with phpAdsNew, + phpAdsNew 2.0.5 maybe...

AI score: 7.4
Exploits: 0

securityvulns
added 2006/08/07 12:0 a.m., 34 views

phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion

+-------------------------------------------------------------------- + + phpAutoMembersArea 3.2.5 $installedconfigfile Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: phpAutoMembersArea 3.2.5 + Vendor ...........:...

AI score: 1.2
Exploits: 0

Cvelist
added 2006/06/02 6:0 p.m., 20 views

CVE-2006-2776

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended...

AI score: 6.6, EPSS: 0.06129
Exploits: 0, References: 56

Cvelist
added 2006/05/19 10:0 a.m., 13 views

CVE-2006-2466

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."...

AI score: 6.8, EPSS: 0.01218
Exploits: 0, References: 5

securityvulns
added 2006/05/13 12:0 a.m., 21 views

[Full-disclosure] Server crash in Empire 4.3.2

Luigi Auriemma Application: Empire http://www.wolfpackempire.com http://sourceforge.net/projects/empserver Versions: = 4.3.2 Platforms: Windows, nix, BSD and more Bug: crash caused by strncat misuse Exploitation: remote, versus server Date: 12 May 2006 Author: Luigi Auriemma e-mail:...

AI score: 0.4
Exploits: 0

Prion
added 2006/05/01 11:2 p.m., 15 views

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVSS: 5.5, AI score: 7.6, EPSS: 0.01215
Exploits: 0, References: 6, Affected Software: 1