648 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter...
CVE-2008-4206
CVE-2008-4206 is a PHP remote file inclusion vulnerability affecting Attachmax Dolphin 2.1.0 and earlier. When register_globals is enabled, an attacker can cause arbitrary PHP code execution via a URL in the rel_path parameter to config.php. The public records confirm the vulnerability and its im...
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
CVE-2008-3354
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus newbbplus module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPathpath parameter to votepolls.php and the (2) bbPathroottheme parameter to config.php, different vectors than...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...
flip-rfi.txt
DeltaHackingSecurityTEAM Remote File Include Vulnerability Flip V3.0 final Download : http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/f/fl/flipsource/Flip-3.0-final.zip AuTh0r : Cru3l.b0y H0ME : WwW.DeltaHacking.Net && WwW.w3bsecurity.IR Email :...
CVE-2008-2687
CVE-2008-2687 affects ProManager 0.73. A directory traversal flaw in inc/config.php allows remote attackers to include and execute arbitrary local files by using a .. in the language parameter, enabling arbitrary code execution on affected systems. No remediation details are provided in the suppl...
ProManager 0.73 (config.php) Local File Inclusion Vulnerability
No description provided by source. -------------------------------------- Pro Manager 0.73 Local File Inclusion Vuln -------------------------------------- http://www.sfr-fresh.com/unix/privat/proManager-0.73.tar.gz -------------------------------------- By : Stack email : Wanted...
ProManager 0.73 - config.php Local File Inclusion
ProManager 0.73 - config.php Local File Inclusion -------------------------------------- Pro Manager 0.73 Local File Inclusion Vuln -------------------------------------- http://www.sfr-fresh.com/unix/privat/proManager-0.73.tar.gz -------------------------------------- By : Stack email : Wanted...
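LokiCMS admin.php Security Restriction Bypass Vulnerability
BUGTRAQ ID: 29448 LokiCMS is a simple, easy-to-use web content management system. The admin.php file in LokiCMS contains a logic error: if a remote attacker sets LokiACTION and other parameters in a submitted HTTP POST request, the CMS main settings can be changed without administrative privileges. The vulnerable code segment follows: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...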
pbcs-multi.txt
Project Based Calendaring System PBCS Version 0.7.1 Multiple Vulnerabilities Script: http://www.pbcs.org/pbcsdownload.php Poc : Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script 1- remote file upload http://localhost/pbcs-0.7.1-1/src/yopyupload.php after upload you can get you fi...
LokiCMS 0.3.3 - Arbitrary File Delete
Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned Greetz : ZaBeaTy, GregStar, irk4z, doctor, Avantura ; Usage: http://target/lokiCMS/admin.php?delete=path/file PoC: http://target/lokiCMS/admin.php?delete=../includes/Config.php Deleting Config.php will cause situation...
LokiCMS <= 0.3.3 Arbitrary File Delete Vulnerability
Exploit for unknown platform in category web applications ==================================================== LokiCMS = 0.3.3 Arbitrary File Delete Vulnerability ==================================================== Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned...
lokicms-delete.txt
Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned Greetz : ZaBeaTy, GregStar, irk4z, doctor, Avantura ; Usage: http://target/lokiCMS/admin.php?delete=path/file PoC: http://target/lokiCMS/admin.php?delete=../includes/Config.php Deleting Config.php will cause situation...
Code injection
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
CVE-2008-1860
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
CVE-2008-1860
LokiCMS versions 0.3.3 and earlier are affected by a static code injection vulnerability in admin.php, allowing remote attackers to inject arbitrary PHP into includes/Config.php via the default parameter. The issue arises from the underlying code path described in CVE-2008-1860 and is rated with ...
lokicms-exec.txt
Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Rem...
LokiCMS 0.3.3 - Remote Command Execution
Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...
Dragoon 0.1 - 'root' Remote File Inclusion
-========================================== ViVa YeMeN ====================================- Name : Dragoon 0.1 Remote File Include Vulnerability Download From : http://sourceforge.net/project/showfiles.php?groupid=118780 Found By : RoMaNcYxHaCkEr RoMaNTiC-TeaM BlackxHat , BlackBox , aLwHEeD Hom...