3230 matches found
fogforum-lfi.txt
FOG Forum 0.8.1 Local File Inclusion Vulnerabilities. CWH Underground Hacking Team...
Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)
This update incorporates fixes included in MITKRB5-SA-2008-001 use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled and MITKRB5-SA-2008-002 incorrect handling of high-numbered descriptors in the RPC library. This update also incorporates less-critical fixes for a...
Portail Web Php <= 2.5.1.1 Multiple Inclusion Vulnerabilities
No description provided by source. Portail Web Php = 2.5.1.1 Multiple Remote/Local File Inclusion Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/portail-web-php/PwP2.5.1.1.rar POC : I- Remote File Inclusion /PwP2.5.1.1/template/Vert/index.php?sitepath=http://localhost/020.txt...
SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability
No description provided by source. SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang, $language,...
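Xoops XoopsGallery Module 'init_basic.php' Remote File Inclusion Vulnerability
BUGTRAQ ID: 27155 CNCAN ID:CNCAN-2008010814 Xoops XoopsGallery Module is a PHP-based web application. Xoops XoopsGallery Module does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The problem is that the 'initbasic.php' script does not filter the user-supplied 'GALLERYBASEDIR' parameter; supplying an arbitrary file on a remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web server. Xoops XoopsGallery Module 1.3.3 9 ------------...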
LearnLoop 2.0beta7 (sFilePath) Remote File Disclosure Vulnerability
No description provided by source. LearnLoop 2.0beta7 sFilePath Remote File Disclosure Vulnerability http://surfnet.dl.sourceforge.net/sourceforge/learnloop/learnloop2.0beta7.tar.gz...
Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)
Dmitry V. Levin discovered that tar did not correctly detect the '..' file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security...
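BackUpWordPress Bkpwp_Plugin_Path Remote File Inclusion Vulnerability
BackUpWordPress is a PHP-based web application. BackUpWordPress does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The problem is that the script does not filter the user-supplied 'BkpwpPluginPath' parameter; specifying an arbitrary file on a remote server as the include parameter can lead to execution of arbitrary PHP code with the privileges of the web server. Designpraxis BackUpWordPress 0.4.2b No detailed solution is currently available: http://wordpress.designpraxis.at/plugins/backupwordpress/...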
scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vuln
No description provided by source. scWiki 1.0 Beta 2 common.php pathdot Remote File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/sc-wiki/scwikibeta2.zip POC : /includes/common.php?pathdot=Shell sebug.net...
Joomla! Component mp3 allopass 1.0 - Remote File Inclusion
Joomla! Component mp3 allopass 1.0 - Remote File Inclusion commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...
Buffer overflow
Buffer overflow in Next Generation Software Virtual DJ VDJ 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file...
CVE-2007-4734
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file...
CVE-2007-4735
CVE-2007-4735 describes a buffer overflow in Next Generation Software’s Virtual DJ (VDJ) 5.0. The vulnerability allows user-assisted remote attackers to execute arbitrary code via a long file path in an M3U playlist. The provided documents identify the affected product and the root cause (buffer ...
SOTEeSKLEP <= 3.5RC9 (file) Remote File Disclosure Vulnerability
No description provided by source. SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file';...
soteesklep-disclose.txt
SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file'; ... $filepath="$DOCUMENTROOT/themes/$config-lang/htmlfiles/$file"; if...
SOTEeSKLEP <= 3.5RC9 (file) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ================================================================ SOTEeSKLEP lang/htmlfiles/$file"; if fileexists$filepath $fd=fopen$filepath,"r"; $data=fread$fd,filesize$filepath; print $data; fclose$fd; ... Dork: inurl:"/go/files/?file="...
SOTEeSKLEP 3.5RC9 - 'file' Remote File Disclosure
SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file'; ... $filepath="$DOCUMENTROOT/themes/$config-lang/htmlfiles/$file"; if...
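Musoo GLOBALS[ini_array] Parameter Remote File Inclusion Vulnerability
Musoo is a PHP-based web application. Musoo does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the script does not filter the user-supplied 'GLOBALSiniarray' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Musoo Musoo 0.21 No detailed solution is currently available: http://www.tryag.com/cc http://www.example.com/path/msDb.php?GLOBALSiniarrayEXTLIBPATH=Shell.txt?...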
PHP::HTML 0.6.4 - PHPhtml.php Remote File Inclusion
PHP::HTML 0.6.4 - PHPhtml.php Remote File Inclusion phphtml v 0.6.4 FOUND BY : o0xxdark0o Website: http://www.sitellite.org/ DOWNLOAD : http://sourceforge.net/projects/phphtml REMOTE FILE INCLUDE FILE : PATH\phphtml.php EXP: xxx.com\path\phphtml.php?htmlclasspath=SH3ll.txt? CODE: on line 19 rende...
Analysis upload vulnerability-vulnerability warning-the black bar safety net
This article sent to the hacker line of Defense of 2006.4 period, reproduced please indicate the Analysis upload vulnerability in the form English / the loneliness of the hedgehog In a brief introduction through the injection vulnerability check and fill, following the coupling re-introduce a...