648 matches found
Mini-CMS 1.0.1 SQL Injection
Mini-CMS 1.0.1 SQL injection...
Mini-CMS 1.0.1 - page.php SQL Injection
Mini-CMS 1.0.1 - page.php SQL Injection. Mini-CMS 1.0.1 SQL injection...
Mini-CMS 1.0.1 - 'page.php' SQL Injection
Mini-CMS 1.0.1 SQL injection...
OpenNews 1.0 SQL Injection / Command Execution
OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/opennews-sun/ + SQL Injection Auth Bypass - Note : magic_quotes_gpc = off - PoC http://127.0.0.1/admin.php Username : admin ' or...
Ultrize TimeSheet 1.2.2 File Disclosure
Ultrize TimeSheet 1.2.2 readfile Local File Disclosure Vulnerability Code page /actions/downloadFile.php ==== File not found. "; print $fileName; print "Please make sure your file paths are correct: $config'uploaddir'/$jobid/$fileName"; ? ==== Poc /actions/downloadFile.php?fileName=../config.php...
Podcast Generator 1.2 - Unauthorized Re-Installation
$file.$ext $Ldeleted"; / Explanation code snippet above points ----------------------------------------------------------------------------------- 1. blocks all 'amilogged' REQUEST variables,what about GLOBALS?,therefore useless! 2. if 'amilogged' isn't true - exit function activated. 3. unlink...
CVE-2009-1880
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521...
AdaptBB 1.0 (forumspath) Remote File Inclusion Vulnerability
No description provided by source. AdaptBB 1.0 Remote File Include. Webpage: http://www.adaptbb.com Download: http://sourceforge.net/project/downloading.php?groupid=253154&filename=AdaptBB1.0.zip...
CVE-2009-1801
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) so...
NC GBook 1.0 Remote Command injection Exploit
No description provided by source. NC GBook 1.0 Remote Command injection Exploit. Founder: ThE g0bL!N Vendor: http://www.php-gaestebuch.com Thank You Very Much His0k4...
Qt quickteam Multiple Remote File Inclusion Vulnerabilities
No description provided by source. Remote file include. script::quickteam 2. Author: ahmadbady my site :Coming Soon download...
Code injection
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...
CVE-2009-1512
CVE-2009-1512 - Affected: X-Forum 0.6.2. Description: static code injection vulnerability where remote authenticated administrators can inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. Impact: enables code execution under the attacker’s PHP context as auth...
CVE-2009-1512
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...
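NotFTP config.php Local File Inclusion Vulnerability
BUGTRAQ ID: 34636 CVE(CAN) ID: CVE-2009-1407 NotFTP is a web-based HTTP-FTP gateway written in PHP. NotFTP's config.php script does not properly filter user-supplied parameters. If a remote attacker uses the newlang parameter in a submitted URL request to specify a malicious file on the local system, they may be able to read sensitive information or execute arbitrary code on the web server. The following is the vulnerable code segment in the config.php script: if isset$newlang requireonce"lib/lang/".$languages$newlang"file"; elseif...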
Directory traversal
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter...
CVE-2009-1407
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter...
CVE-2009-1407
NotFTP 1.3.1 is affected by a directory traversal/Local File Inclusion in config.php. The script fails to properly filter user input in languages[][file] (and related language loading logic), allowing remote attackers to read arbitrary local files via crafted URLs (e.g., .. paths). The vulnerabil...
NotFTP 'config.php' Local File Include Vulnerability
NotFTP is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. NotFTP 1.3.1 newlang Local File Inclusion Vulnerability. NotFTP 1.3.1 = Local file include...