
3743 matches found

Tenable Nessus
added 2006/02/13 12:0 a.m. | 25 views

LinPHA <= 1.0 Multiple Vulnerabilities

The remote host is running LinPHA, a web photo gallery application written in PHP. The installed version of LinPHA suffers from a number of flaws, several of which could allow an unauthenticated attacker to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the...

CVSS 5 | AI score 6.4 | EPSS 0.03019
Exploits: 1 | References: 3

0day.today
added 2006/02/08 12:0 a.m. | 74 views

SPIP <= 1.8.2g Remote Commands Execution Exploit

Exploit for unknown platform in category web applications ================================================ SPIP this works regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Fighting with a large army under your command is nowise differen...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2006/01/30 12:0 a.m. | 24 views

RCBlog index.php post Parameter Traversal Arbitrary File Access

The remote host is running RCBlog, a blog written in PHP. The remote version of this software fails to sanitize user-supplied input to the 'post' parameter of the 'index.php' script. An attacker can use this to access arbitrary files on the remote host provided PHP's 'magic_quotes' setting is...

CVSS 5 | AI score 5.8 | EPSS 0.02821
Exploits: 2 | References: 3

securityvulns
added 2006/01/25 12:0 a.m. | 31 views

[SA18601] Reamday Enterprises Magic News Password Change Bypass

TITLE: Reamday Enterprises Magic News Password Change Bypass SECUNIA ADVISORY ID: SA18601 VERIFY ADVISORY: http://secunia.com/advisories/18601/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Reamday Enterprises Magic News Plus 1.x http://secunia.com/product/698...

AI score 0.2
Exploits: 0

NVD
added 2006/01/10 11:3 a.m. | 11 views

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd paramete...

CVSS 5 | AI score 6.8 | EPSS 0.02226
Exploits: 1 | References: 3

Cvelist
added 2006/01/10 11:0 a.m. | 16 views

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd paramete...

AI score 6.8 | EPSS 0.02226
Exploits: 1 | References: 3

CVE
added 2006/01/10 11:0 a.m. | 48 views

CVE-2006-0157

The connected documents confirm a concrete vulnerability in Reamday Enterprises Magic News Plus 1.0.3: settings.php contains a flaw that lets remote attackers change the administrator password. The attack is performed via a change action that supplies identical values for passwd and admin_passwor...

CVSS 5 | AI score 6.8 | EPSS 0.02226
Exploits: 1 | References: 3 | Affected Software: 1

0day.today
added 2006/01/09 12:0 a.m. | 609 views

Magic News Plus <= 1.0.3 Admin Pass Change Exploit

Exploit for unknown platform in category web applications ================================================== Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where t...

AI score 7.1
Exploits: 0

Exploit DB
added 2006/01/09 12:0 a.m. | 77 views

Magic News Plus 1.0.3 - Admin Pass Change

!/usr/bin/perl Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where the problem is line 108 of 426: ... 1 elseif $action == "change" ... 2 if $passwd !=...

AI score 7.4
Exploits: 0

seebug.org
added 2005/12/24 12:0 a.m. | 16 views

phpBB <= 2.0.17 (signature_bbcode_uid) Remote Command Exploit

No description provided by source. !/usr/bin/perl phpBB <= 2.0.17 remote command execution exploit need for work: 1. PHP 5 5.0.5 2. register_globals=On 3. magic_quotes off ------------------------------------------------ coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru 03.11.05 use...

AI score 7.1
Exploits: 0

myhack58
added 2005/12/20 12:0 a.m. | 25 views

From PHP Forum the vulnerability of the endoscope security management-vulnerability warning-the black bar safety net

From: ReJeCt's Blog. Blue magic Forum is a PHP forum that is widely used in the country. Due to a code defect in its user registration module, a malicious attacker can elevate a normal user to administrator. First let's look at an example of an intrusion. The invasion paradigm...

AI score 7.4
Exploits: 0

securityvulns
added 2005/12/20 12:0 a.m. | 94 views

PHPGedView <= 3.3.7 remote code execution

--- PHPGedView <= 3.3.7 Arbitrary local/remote code execution & php injection --- software: site: http://www.phpgedview.net/ description: "PhpGedView is a revolutionary genealogy program which allows you to view and edit your genealogy on your website." - vulnerabilities:...

AI score 0.3
Exploits: 0

0day.today
added 2005/12/14 12:0 a.m. | 323 views

Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit

Exploit for unknown platform in category web applications ============================================================== Limbo this works with register_globals off & regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...

AI score 7.1
Exploits: 0

NVD
added 2005/12/12 1:3 a.m. | 16 views

CVE-2005-4177

Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.01929
Exploits: 1 | References: 6

CVE
added 2005/12/12 1:0 a.m. | 37 views

CVE-2005-4177

The CVE-2005-4177 entry concerns an XSS vulnerability in Magic Book Personal and Professional 2.0, specifically in the book.cfm component where the StartRow parameter is not properly sanitized. The vulnerability could allow remote attackers to inject arbitrary web script or HTML, as documented by...

CVSS 4.3 | AI score 6 | EPSS 0.01929
Exploits: 1 | References: 6 | Affected Software: 2

Cvelist
added 2005/12/12 1:0 a.m. | 19 views

CVE-2005-4177

Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter...

AI score 5.7 | EPSS 0.01929
Exploits: 1 | References: 6

Exploit DB
added 2005/12/12 12:0 a.m. | 25 views

Magic Book Professional 2.0 - 'Book.cfm' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15805/info Magic Book Professional is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in...

AI score 7
Exploits: 0

NVD
added 2005/12/08 1:3 a.m. | 8 views

CVE-2005-4072

Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...

CVSS 4.3 | AI score 5.7 | EPSS 0.01177
Exploits: 0 | References: 4

NVD
added 2005/12/08 1:3 a.m. | 9 views

CVE-2005-4071

Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in viewforum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in viewthread.cfm...

CVSS 7.5 | AI score 8.5 | EPSS 0.01256
Exploits: 0 | References: 7

Cvelist
added 2005/12/08 1:0 a.m. | 16 views

CVE-2005-4072

Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...

AI score 5.7 | EPSS 0.01177
Exploits: 0 | References: 4