105 matches found
CMS Mini <= 0.2.2 Remote Command Execution Exploit
No description provided by source. CMS Mini = 0.2.2 Remote Command Execution Exploit ?php function usage exit "\nCMS Mini =...
tizag-upload.txt
remote file upload script: tizag-countdownVersion3 download from:http://www.tizag.com/downloads/tizag-countdownVersion3.zip www.site.com/path/index.php upload file.php shell= www.site.com/path/pics/file.php Author: ahmadbady my mail: [email protected]...
Sql injection
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 aka Uploader PRO, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter t...
CVE-2008-0427
CVE-2008-0427 describes a directory traversal vulnerability in bloofoxCMS 0.3, where the file.php component permits remote attackers to read arbitrary files by supplying a .. payload in the file parameter. The issue, as documented, is a path traversal flaw in the web application (no further root-...
CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php...
CVE-2007-6662
CVE-2007-6662 affects CuteNews 2.6, via a directory traversal vulnerability in file.php that allows reading arbitrary files by supplying .. in the file parameter. Exploitation demonstrated by accessing data/users.db.php to reveal admin username and password hash. Root cause is improper sanitizati...
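JobSite Professional File.PHP SQL Injection Vulnerability
JobSite Professional is a PHP-based web application. JobSite Professional does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL attacks, obtaining sensitive information or manipulating the database. The problem is that the 'File.PHP' script does not filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, allowing attackers to obtain sensitive information or manipulate the database. NetArt Media JobSite Professional 2.0 No detailed solution is currently available: http://www.jobsiteprofessional.com/...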
JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability
No description provided by source. JobSite Professional v2.0 Remote SQL Injection Vulnerability AUTHOR : ZynbER HOME : NoWhere Script WebSite: http://www.jobsiteprofessional.com Dork english version : inurl:index.php?page=enjobseekers Dork french version : inurl:index.php?page=frCandidats EXPLOIT...
JobSite Professional 2.0 - 'file.php' SQL Injection
JobSite Professional v2.0 Remote SQL Injection Vulnerability AUTHOR : ZynbER HOME : NoWhere Script WebSite: http://www.jobsiteprofessional.com Dork english version : inurl:index.php?page=enjobseekers Dork french version : inurl:index.php?page=frCandidats EXPLOITS : Vulnerability in File.php?id=...
TLM CMS 3.2 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. TLM CMS v3.2 - Multiple Remote SQL Injection Vulnerabilities Vendor : http://tlm.hebserv.fr/ Download : http://tlm.hebserv.fr/modfile/upload/tlmcms32.zip Discovered by : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @ irc.dal.net Bug in...
LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications LimeSurvey PHPSurveyor 1.49RC2 Remote File Inclusion Vulnerability Owner : Pr0T3cT10n Script name :...
LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion
Owner : Pr0T3cT10n Email : [email protected] Homepage : www.kamikaz-team.com Script site : www.limesurvey.org Script name : LimeSurvey PHPSurveyor Version : 1.49RC2 Type : RFI (Remote File Include) Source : http://sourceforge.net/project/showfiles.php?groupid=74605 D0rk : "You have not provided a...
Directory traversal
Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the afilepath parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use...
CVE-2007-2412
Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the afilepath parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use...
JulmaCMS 1.4 (file.php file) Remote File Disclosure
JulmaCMS 1.4 (file.php file) Remote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php <?php // $Id: file.php,v 1.4 2004/04/24 18:18:22 janne Exp $ include "config.php"; include "lib/mime.php"...
CVE-2007-2324
Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2007-2324
CVE-2007-2324 describes a directory traversal in JulmaCMS 1.4 where the file.php parameter accepts a dot-dot gesture (..), enabling a remote attacker to read arbitrary files. This is caused by insufficient validation of the file parameter and affects the ability to access files outside the intend...
JulmaCMS 1.4 (file.php file) Remote File Disclosure Vulnerability
No description provided by source. JulmaCMS 1.4 (file.php file) Remote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php <?php // $Id: file.php,v 1.4 2004/04/24 18:18:22 janne Exp $...
JulmaCMS 1.4 (file.php file) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications JulmaCMS 1.4 file.php file Remote File Disclosure Vulnerability JulmaCMS 1.4 (file.php file) Remote File...
JulmaCMS 1.4 - 'file.php' Remote File Disclosure
JulmaCMS 1.4 (file.php file) Remote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php dir . $file; $fname = basename($file); $mime = mimetype("mime", $fname); header("Content-Type: $mime");...