3743 matches found
PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. PCPIN Chat works with magic_quotes_gpc = Off\r\n"; echo "dork: "powered by PCPIN.com"\r\n\r\n"; if $argc "" OR...
coppermine -- "file" Local File Inclusion Vulnerability
Secunia reports: Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary...
MODx < 0.9.1a Multiple Vulnerabilities
The remote host is running MODx, a content management system written in PHP. The version of MODx installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it to generate dynamic HTML output. An unauthenticated attacker can exploit this to...
PowerClan 1.14 - SQL Injection
PowerClan 1.14 - SQL Injection. Software: PowerClan 1.14 Version: 1.14 Type: SQL Injection Date: Apr 13 23:37:50 CEST 2006 Vendor: powerscripts.org Page: http://www.powerscripts.org Risk: min credits: d4igoro -...
[SA19637] RateIt "rateit_id" SQL Injection Vulnerability
TITLE: RateIt "rateit_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19637 VERIFY ADVISORY: http://secunia.com/advisories/19637/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: RateIt 2.x http://secunia.com/product/9357/ DESCRIPTION: Aliaksandr...
phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit
Exploit for unknown platform in category web applications. phpWebSite arbitrary local inclusion, works with magic_quotes_gpc = Off\r\n"; echo "by rgod, mail: email protected\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if...
PHP121 Instant Messenger 1.4 - Remote Code Execution
PHP121 Instant Messenger 1.4 - Remote Code Execution #!/usr/bin/php -q -d short_open_tag=on works with magic_quotes_gpc = Off\r\n\r\n"; echo "a dork: inurl:php121login.php | inurl:php121im.php | intitle:"PHP121 - PLEASE"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo...
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on this works against register_globals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...
XBrite Members <= 1.1 (id) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. XBrite Members <= 1.1 (id) Remote SQL Injection Exploit ?php /...
XBrite Members <= 1.1 (id) Remote SQL Injection Exploit
No description provided by source.
dnGuestbook 2.0 - SQL Injection
SECURITY ADVISORY advisory: dnGuestbook "dnGuestbook by design-nation.de Version" - 331 msn - "dnGuestbook by design-nation.de Version" - 249 conditions: php.ini - magic_quotes_gpc = Off greets: all security guys and coders ove...
phpmychat_015dev_xpl
#!/usr/bin/php -q -d short_open_tag=on works with magic_quotes_gpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to PHPMyChat\r\n";...
phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on ? echo "PHPMyChat 0.15.0dev "SYS enter" remote cmmnds xctn 0day again\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- works with magic_quotes_gpc=Off\r\n\r\n"; echo...
[SA19448] VBook Multiple Vulnerabilities
TITLE: VBook Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19448 VERIFY ADVISORY: http://secunia.com/advisories/19448/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data, System access WHERE: From remote SOFTWARE: VBook 2.x http://secunia.com/product/9051/...
Land Down Under <= 800 Multiple Vulnerabilities
The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2006-1238
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $loguserid variable in (1) index.php and (2) admin/index.php...
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on autisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "this works if "phpicalendarpublishing" is set to 1 in config.inc.php\r\n\r\n"; short explanation: phpICal lets users upload/delete files in WebDAV style through PUT / DELETE method;...
Gallery <= 2.0.3 stepOrder[] Remote Commands Execution Exploit
Exploit for unknown platform in category web applications. Gallery autisticiorg \r\n"; echo "site: http://retrogod.altervista.org \r\n\r\n"; echo "- works with register_globals = On and magic_quotes_gpc = Off \r\n"; if $argc5 echo "Usage:...
PHP-Stats 0.1.9.1 - Remote Commands Execution
PHP-Stats 0.1.9.1 - Remote Commands Execution works regardless of magic_quotes_gpc settings... usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"Of old, the rise of the Yin dynasty was due to I Chih who had served under the Hsia. Likewise, the rise of the Chou dynasty was due to...
NOCC Webmail <= 1.0 multiple vulnerabilities
NOCC Webmail <= 1.0 multiple arbitrary local inclusion + php injection - remote code execution / cross site scripting / path disclosure. software: site: http://nocc.sourceforge.net/ descriptio...