648 matches found
DaLogin 2.2 - FCKeditor Arbitrary File Upload
DaLogin 2.2 - FCKeditor Arbitrary File Upload. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss, member from Inj3ct0r Team...
phpegasus 'config.php' Arbitrary File Upload Vulnerability
phpegasus is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...
Yupi CMS 0.44 Remote File Inclusion
Yupi Cms 0.44 PhpDir . $filename; return $file;...
Remote file inclusion
PHP remote file inclusion vulnerability in inc/config.php in deV!Lz Clanportal DZCP 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter...
Newbie CMS Insecure Cookie Handling
----------exploit Debut Insecure Cookie Handling Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site : http://newbie-cms.com Download : http://newbie-cms.com/freedownload.php?file=newbiev003.zip ----------exploit Info...
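FreePBX config.php Page SQL Injection Vulnerability
BUGTRAQ ID: 37847. FreePBX, formerly known as Asterisk Management Portal, is a standardized implementation of the IP telephony tool Asterisk that provides a web configuration interface and other tools. FreePBX does not properly filter the extdisplay parameter submitted to the config.php page; a remote attacker can perform SQL injection attacks by submitting malicious query requests. FreePBX 2.5.1. Vendor patch: FreePBX. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.freepbx.org/trac/changeset/7594...
FreePBX admin/config.php Page Password Disclosure Vulnerability
BUGTRAQ ID: 37848. FreePBX, formerly known as Asterisk Management Portal, is a standardized implementation of the IP telephony tool Asterisk that provides a web configuration interface and other tools. Users who can access the administrators section of FreePBX can obtain other users' administrator passwords by viewing the HTML source. FreePBX 2.5.x. Vendor patch: FreePBX. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://mirror.freepbx.org/freepbx-2.6.0.tar.gz...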
FreePBX 2.5.1 - SQL Injection
FreePBX 2.5.1 - SQL Injection Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running...
PHPDirector Game Edition 0.1 - Local File Inclusion SQL Injection Cross-Site Scripting
PHPDirector Game Edition 0.1 - Local File Inclusion SQL Injection Cross-Site Scripting Exploit Title: PHPDirector Game Edition Multiple Vulnerabilities LFI/SQLi/Xss Date: 2010-01-05 Author: Zer0 Thunder Site : http://www.play-online.bzh.be/forum/ Version: v0.1 Tested on: Windows XP sp2 WampServer...
CVE-2009-3694
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter...
Directory traversal
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter...
CVE-2009-3694
CVE-2009-3694 affects ezRecipe-Zee 91; a directory traversal flaw in config/config.php allows remote inclusion and execution of local files via a .. in cfg[prePath] when register_globals is enabled. Root cause is improper handling of user-controlled path input enabling local file inclusion. The c...
CVE-2008-7207
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php...
Default credentials
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php...
Code injection
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...
CVE-2009-2736
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...
Mini-CMS 1.0.1 (page.php id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Mini-CMS 1.0.1 page.php id SQL Injection Vulnerability...