1414 matches found
Code injection
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php...
Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload
Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability | develop: http://www.php-maximus.org | Version: Maximus 2008 CMS: Web Portal System v.1.1.2 | Tested On: Live site | Dork:...
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server...
Fedora Update for libHX FEDORA-2010-12950
Check for the Version of libHX. OpenVAS Vulnerability Test: Fedora Update for libHX FEDORA-2010-12950. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms...
[SECURITY] Fedora 13 Update: libHX-3.6-1.fc13
A library for: - rbtree with key-value pair extension - deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs)) - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option (argv) parser...
pam_captcha username harvest vulnerability
pamcaptcha is visual text-based CAPTCHA challenge module for PAM that uses figlet to generate the CAPTCHAs. Project site: http://www.semicomplete.com/projects/pamcaptcha/ A site with a screen shot: http://www.michaelboman.org/how-to/securing-ssh-access-with-pam-captcha I found a security problem...
phpMyAdmin - Config File Code Injection (Metasploit)
$Id: phpmyadminconfig.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Exploit for php platform in category web applications. Nakid CMS fckeditor Remote Arbitrary File Upload Exploit. Exploit database separated by exploit 0 0 // type local, remote, DoS...
Read local Config File source (webadmin.php) Vulnerability
Exploit for php platform in category web applications. Read local Config File source webadmin.php Vulnerability. Author : DrgpxX Group : Aras cyber Army Email : email protected...
Yamamah Photo Gallery 1.00 Local File Disclosure
Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability, by mat...
Yamamah Photo Gallery 1.00 - download.php Local File Disclosure
Yamamah Photo Gallery 1.00 - download.php Local File Disclosure. Yamamah Photo Gallery 1.00 download.php Local File Disclosure Vulnerability...
DaLogin - Multiple Vulnerabilities
DaLogin - Multiple Vulnerabilities dalogin 2.2 multiple vulnerabilites app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel app source: http://dalogin.sourceforge.net/ author: hc0 1 config file disclosure you can access...
DaLogin - Multiple Vulnerabilities
dalogin 2.2 multiple vulnerabilites app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel app source: http://dalogin.sourceforge.net/ author: hc0 1 config file disclosure you can access config.ini file from...
dalogin 2.2 multiple vulnerabilites
Exploit for php platform in category web applications. dalogin 2.2 multiple vulnerabilites. dalogin 2.2 multiple vulnerabilites app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages,...
Quick guestbook v10. 0 9 The official version upload vulnerability and a Cookie spoofing vulnerability-vulnerability warning-the black bar safety net
Upload vulnerability: Loophole Page: /up/add.asp Use method: directly in the guestbook behind a vulnerability page address: for example: http://localhost/up/add.asp, The local structure of x.asp;.jpg picture Trojan, using IIS 6.0 parsing vulnerability. Directly upload. Get the webshell, As for...
awstats -- arbitrary commands execution vulnerability
Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...
Mail support request accepts any e-mail address
The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...
Facil CMS 0.1RC2 Local File Inclusion / Remote File Inclusion
Facil-CMS LFI/RFI Vulnerability +Title : Facil-CMS Multiple Vulnerability +Version: 0.1RC2 +Download: http://sourceforge.net/projects/facil-cms/files/ +Author: eidelweiss +Contact: eidelweissatcyberservicesdotcom !Thanks To: all friends -= Vuln C0de =- -facil-cms/index.php...
ALPHA CMS Version 3.2 Remote Config File Disclosure
Exploit for php platform in category web applications. ALPHA CMS Version 3.2 Remote Config File Disclosure, coded by ahmadbady...
Discuz! 7.0-7.2 the background settings. inc. php to write shell vulnerability-vulnerability warning-the black bar safety net
Impact version Discuz! 7.0-7.2 Vulnerability details: if$operation == 'uc' && iswriteable'./ config.inc.php' && $isfounder $ucdbpassnew = $settingsnew'uc''dbpass' == '' ? UCDBPW : $settingsnew'uc''dbpass'; if$settingsnew'uc''connect' $ucdblink = @mysqlconnect$settingsnew'uc''dbhost',...