648 matches found
PHPDirector <= 0.21 (videos.php id) Remote SQL Injection Vulnerability
No description provided by source. PHPDirector = 0.21 SQL injection/Upload SHELL Remote Vulnerabilities WEB APP: PHPDirector 0.21 SITE: http://www.phpdirector.co.uk/site/ DORK: Powered by PHP Director AUTHOR: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking -...
Kietu 2/3 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may...
FreePBX 2.11.0 - Remote Command Execution
No description provided by source. !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; Exploit Title: FreePBX 2.9,2.10,2.11,12 Remote Command Execution Google Dork: n/a Date: 2/25/14 Exploit Author: @0x00string Vendor Homepage: http://www.freepbx.org/ Software Link:...
SmodCMS 4.07 (fckeditor) - Remote Arbitrary File Upload Exploit
No description provided by source. ?php / ----------------------------------------------------------------- SmodCMS v.4.07 fckeditor Remote Arbitrary File Upload Exploit -----------------------------------------------------------------...
DM Filemanager 3.9.11 Arbitrary File Upload Vulnerability
No description provided by source. ?php / ----------------------------------------------------------------- DM Filemanager fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- Vendor: www.dutchmonkey.com Download :...
phpIndexPage <= 1.0.1 (config.php) Remote Inclusion Exploit
No description provided by source. !/usr/bin/perl phpindexpage 1.0 & 1.0.1 config.phpRemote File Include Vulnerability Bug Found : DeltahackingTEAM discovery:Dr.Pantagon & Exploitet By Dr.Pantagon Class: Remote File Include Vulnerability exemplary Exp: http://www.site.com/config.php?envincpath=...
DaLogin 2.2 (FCKeditor) Remote Arbitrary File Upload Exploit
No description provided by source. ?php / ----------------------------------------------------------------- DaLogin 2.2 FCKeditor Remote Arbitrary File Upload Exploit -----------------------------------------------------------------...
Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent;...
Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability
No description provided by source. Vendor: Plume CMS http://plume-cms.net Vuln: Remote File Include Discovered: beford xbefordx gmail com Vulnerable File/Code ./plume-1.0.3/manager/frontinc/prepend.php code includeonce $PXconfig'managerpath'.'/conf/config.php'; /code...
phpBB <= 2.0.10 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl use IO::Socket; phpBB = 2.0.10 remote commands exec exploit based on...
Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit
No description provided by source. ?php Podcast Generator = 1.2 unauthorized CMS Re-Installation Remote Exploit by staker -------------------------------------- mail: stakerathotmaildotit url: http://podcastgen.sourceforge.net -------------------------------------- it works with registerglobals=o...
Modernbill <= 1.6 (config.php) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63791' ssvid version = '1.0' author = '皮皮' vulDate = '2006-08-09' createDate = '2015-12-24...
RedBLoG 0.5 admin/config.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
LokiCMS <= 0.3.3 - Remote Command Execution Exploit
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...
Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability
No description provided by source. Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP:...
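HDWiki5.1: Obtaining a Shell via the Admin Backend
Brief description: After logging in to the admin backend, inserted code can be executed. Details: Log in to the admin backend; under Global, in the site URL field, write PHP code. The code is written to the config.php file. Access the config.php file. Proof of vulnerability: As above...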
C2FO: c2fo.com is releasing sensitive Information about Database Configuration.
Hello C2FO Security Team, Vulnerability Details: Disclosure of Database Username and Password of c2fo.com Description: Your configuration file of your website is available to download from your website c2fo.com. When I thought to pentest your site, I landed on https://c2fo.com. But instead of...
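Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability
CVE ID: CVE-2013-7138 Horizon QCMS is an open-source Horizon quick content management system that supports PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before being used in the "fopen" method; a remote attacker can read arbitrary file contents on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon ----- Version 4.0 of Horizon has fixed this vulnerability; users are advised to download and use it:...
DedeCMS 5.7 config.php Cross-Site Scripting Vulnerability
dedecms 5.7 config.php cross-site scripting vulnerability \include\dialog\config.php $cuserLogin = new userLogin; if$cuserLogin-getUserID 提示:需输入后台管理目录才能登录请输入后台管理目录名:", "javascript:;"; exit; $gurl = "../../$adminDirHand/login.php?gotopage=".urlencode$dedeNowurl; echo "location='$gurl';"; exit; The user-submitted $adminDirHand...
DedeCMS 5.7 /include/dialog/config.php Cross-Site Scripting Vulnerability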
No description provided by source...