646 matches found
phpBB Upload Script "up.php" Arbitrary File Upload
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...
CVE-2004-1504
The CVE concerns Just Another Flat File (JAF) CMS 3.0RC. The vulnerability is in the displaycontent function of config.php, which allows remote attackers to gain sensitive information by supplying a blank show parameter; an error message reveals the installation path (demonstrated with index.php)...
phpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit
PHP bug in ext/standart/varunserializer.c in PHP 4.3.10 to dump PHP heap memory with phpbb2, which uses unserialize for the cookie, and find the config.php SQL password in the heap. You need http://overdose.tcpteam.org/serv.h and http://overdose.tcpteam.org/serv.cpp to compile / coded by overdose...
PhpDig 1.6.x: remote command execution
Product: PhpDig 1.6.x Vendor: phpdig.net Author: FraMe frame at kernelpanik.org URL: http://www.kernelpanik.org CONTENTS 1. Overview 2. Description 3. Details 4. Patches. 1. Overview. PhpDig is an HTTP spider/search engine written in PHP with a MySQL database as backend. PhpDig builds a glossary...
CVE-2002-2298
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the rootpath parameter...
Thatware (PHP)
Information: Versions: ? - 0.3 - 0.5.3 Website: http://www.thatware.org Problems: - Include file - SQL Injection PHP Code/Location: artlist.php v0.5.2, 0.5.3: include $rootpath.'thatfile.php';...