SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE about the bug: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP' $userip =...
SLAED CMS 2.5 Lite - newlang Local File Inclusion
SLAED CMS 2.5 Lite - newlang Local File Inclusion SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang,...
Kayako SupportSuite syncml/index.php Direct Request Remote Information Disclosure
The version of Kayako SupportSuite installed on the remote host returns PHP's '$_SERVER' superglobal variable in response to a request for Kayako's 'syncml/index.php' page. This variable contains information about the remote web server, some of which might be sensitive. %NASLMINLEVEL 70300 C Tenab...
SLAED CMS 2.5 Lite - 'newlang' Local File Inclusion
SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang, $language, $usercookiet; 783: if...
CVE-2008-0371
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to...
Sql injection
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to...
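PHPEcho CMS 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 27326 CNCAN ID: CNCAN-2008012107 PHPEcho CMS is a PHP-based web application. PHPEcho CMS does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'index.php' script does not sufficiently filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic and obtain sensitive information or manipulate the database. PHPEcho CMS PHPEcho CMS 2.0-rc3 No detailed solution is currently available:...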
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================== SetCMS 3.6.5 setcms.org Remote Command Execution Exploit ========================================================== !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands executio...
Invision Gallery <= 2.0.7 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Invision Gallery "r57ig207" ; $mw-geometry '420x510' ; $mw-resizable0,0; $mw-Label-text = '!', -font = 'Webdings 22'-pack; $mw-Label-text = 'Invision Gallery 'Verdana 7...
BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include
Name : BLOG:CMS 4.2.1.c DIRPLUGINS Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...
Sql injection
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/...
CVE-2008-0359
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/...
CVE-2008-0358
CVE-2008-0358 affects Pixelpost 1.7. The vulnerability is a SQL injection in the index.php component, exploitable via the remote input parameter parent_id. The underlying cause is insufficient sanitization of the user-supplied value, allowing an attacker to inject arbitrary SQL commands through ...
CVE-2008-0350
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes...
CVE-2008-0350
CVE-2008-0350 affects Evilsentinel 1.0.9 and earlier. admin/index.php redirects without exiting, enabling remote attackers to gain administrative privileges and perform arbitrary configuration changes. The NVD entry notes a network-exposed vulnerability with partial impact to confidentiality, int...
Remote file inclusion
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to (1) index.php and (2) checkout.php...
CVE-2008-0287
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to (1) index.php and (2) checkout.php...
Sql injection
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter...