3743 matches found
sendcard_340_xpl.txt
!/usr/bin/php -q -d shortopentag=on php injection\n"; echo " works against magicquotesgpc=Off\n"; echo " 2 - arbitrary remote inclusion\n"; echo " works against allowurlfopen=On\n"; echo " 3 - arbitrary local inclusion\n"; echo " works regardless of php.ini settings\n"; echo " and if you succeed ...
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP's 'magicquotesgpc' setting is disabled, a...
MyBloggie 2.1.4 - trackback.php Multiple SQL Injections
MyBloggie 2.1.4 - trackback.php Multiple SQL Injections !/usr/bin/php -q -d shortopentag=on = 4.1 allowing subs / if $argctrackbackreply1, "Sorry, Trackback failed.. Reason : No title"; if!empty$REQUEST'url' $url=urldecode$REQUEST'url'; if validateurl$url==false $tback-trackbackreply1, "Sorry,...
[Full-disclosure] CounterChaos <= 0.48c SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: CounterChaos = 0.48c SQL Injection Vulnerability Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel tamriel at gmx dot net Application: CounterChaos = 0.48c Risk: Moderate Vendor Status: not contacted Vendor Site:...
[KAPDA::#46] - AjaxPortal Authentication Bypass
KAPDA New advisory Vendor: http://myiosoft.com Vulnerable: AjaxPortal v. 3.0 Bug: Sql Injection Authentication Bypass Exploitation: Remote with browser Description: -------------------- AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax...
security flaw
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by...
BLOG:CMS <= 4.0.0k Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "BLOG:CMS = 4.0.0k sql injection/admin credentials disclosure exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: "Powered by BLOG:CMS"|"Powered by...
Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Mambo mysqld --log=mambo.txt now login, go to "Submit Weblink" feature, in "Name: " field type: 99999' UNION SELECT IF ASCIISUBSTRINGpassword,1,1=0 & 1, benchmark200000000,CHAR0,0 FROM...
PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register globals is enabled and magic quotes gpc is...
CVE-2006-2681
CVE-2006-2681 describes a PHP remote file inclusion in SocketMail Lite and Pro 2.2.6 and earlier. When both register_globals and magic_quotes are enabled, an attacker can supply a URL in the site_path parameter to (1) index.php or (2) inc-common.php to execute arbitrary PHP code on the server. Th...
Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion
phpBB 2.x Activity MOD Plus File Inclusion Vulnerability Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on phpBB 2.x Activity MOD Plus Original advisory can be found at: http://www.nukedx.com/?viewdoc=38 Succesful exploitation needs registerglobals on GET ...
CVE-2006-2578
admin/cron.php in eSyndicat Directory 1.2, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the pathtoconfig parameter...
phpListPro <= 2.0.1 (Language) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Title: phpListPro = 2.0.1 Remote Command Execution Exploit URL: http://www.smartisoft.com/ Info: - arbitrary local inclusion - need magicquotesgpc=off use IO::Socket; use LWP::Simple; ripped from rgod @apache= "/var/log/httpd/accesslog%00",...
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/incmain.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local file...
GLSA-200605-04 : phpWebSite: Local file inclusion
The remote host is affected by the vulnerability described in GLSA-200605-04 phpWebSite: Local file inclusion rgod has reported that the 'hubdir' parameter in 'index.php' isn't properly verified. When 'magicquotesgpc' is disabled, this can be exploited to include arbitrary files from local...
Directory traversal
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. dot dot in a filename in an ISO image...
CVE-2006-2100
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. dot dot in a filename in an ISO image...
CVE-2006-2100
The CVE-2006-2100 entry describes a directory traversal vulnerability in Magic ISO 5.0 Build 0166. Affected component: Magic ISO’s ISO image handling. Root cause: remote attackers can exploit a .. (dot dot) in a filename within an ISO image to write arbitrary files on the system. Impact per provi...
CVE-2006-2100
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. dot dot in a filename in an ISO image...
PHPSurveyor 0.995 - surveyid Remote Command Execution
PHPSurveyor 0.995 - surveyid Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotes gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo "\r\n"; if $argc4 echo "Usage: php ".$argv0."...