142 matches found
Simple Machines Forum - Destroyer 0.1
Exploit for unknown platform in category web applications ===================================== Simple Machines Forum - Destroyer 0.1 ===================================== !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com...
Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass
!/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood by Error Log File Path Disclosure List installed Mods Useful To Find Mods Vulnerable...
CVE-2008-3562
CVE-2008-3562 describes a directory traversal vulnerability in the Contact module of Chupix CMS 0.1.0 . When magic_quotes_gpc is disabled, remote attackers can cause arbitrary local file inclusion/execution by using a ".." path traversal via the mods parameter in index.php. The vulnerability’s im...
CVE-2007-5061
CVE-2007-5061 is a SQL injection in Clansphere 2007.4, specifically for the file mods/banners/navlist.php where the attacker can influence the cat_id parameter passed to index.php in a banners action. The underlying issue is an input-validated vulnerability that enables remote attackers to execut...
Clansphere 2007.4 (cat_id) Remote SQL Injection Vulnerability
No description provided by source. Inclusion Hunter Team http://www.ihteam.net Clansphere 2007.4 Class: SQL Injection Found: 22/09/2007 Remote: Yes Site: http://www.clansphere.net/ Download: http://sourceforge.net/project/showfiles.php?groupid=95430 Author: R00TATI of IHTeam Contact:...
CVE-2007-2357
The CVE-2007-2357 entry describes a cross-site scripting (XSS) vulnerability in SineCMS 2.3.4, specifically in mods/Core/result.php, exploitable via the stringa parameter. Connected records (e.g., CVE-2007-6367) corroborate XSS in SineCMS 2.3.4 and earlier, via the guestbook fields, but the prima...
StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities
StoreFront for Gallery GALLERYBASEDIR Remote File Inclusion Vulnerabilities D.Script: http://www.dalton.net/ppstorefront/ppstorefront.zip Discovered by: Alkomandoz Hacker Homepage: http://Www.asb-may.net Exploit: mods/businessfunctions.php?GALLERYBASEDIR=Shell...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERYBASEDIR parameter to 1 mods/businessfunctions.php or 2 mods/uifunctions.php...
CVE-2007-2068
CVE-2007-2068 describes multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery. An attacker can supply a URL in the GALLERY_BASEDIR parameter to either mods/business_functions.php or mods/ui_functions.php, enabling remote code execution on the affected system. The d...
StoreFront for Gallery (GALLERY_BASEDIR) RFI Vulnerabilities
Exploit for unknown platform in category web applications ============================================================ StoreFront for Gallery GALLERYBASEDIR RFI Vulnerabilities ============================================================ StoreFront for Gallery GALLERYBASEDIR Remote File Inclusion...
WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability
No description provided by source. \ /\ / | \ | / // / | | \ \ Y / | / / \ /\| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator = 0.2.6-rc3 moddir Remote File Inclusion Vulnerability...
WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== WebCreator = 0.2.6-rc3 moddir Remote File Inclusion Vulnerability ==================================================================== \ /\ \ / | \ \ | / \ // / | \ | \...
phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion
!/usr/bin/perl phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code: includeonce$phpbbrootpath . 'includes/functionsadmin.'.$phpEx; vendor:...
phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit
Exploit for unknown platform in category web applications ============================================================== phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit ============================================================== !/usr/bin/perl phpBB Module NoMoKeTos Rules 0.0.1...
CVE-2006-5387
The CVE-2006-5387 entry describes a PHP remote file inclusion flaw in the PlusXL 20_272 and earlier phpBB module, specifically in mods/iai/includes/constants.php, allowing an attacker to execute arbitrary PHP code by supplying a URL to the phpbb_root_path parameter. The vulnerability relies on a ...
CTB arbitrary file include vulnerability-vulnerability warning-the black bar safety net
Introduction CTBChina Text Bulletinthe Forum is a free domestic text Forum. Since the code is relatively Mature and the text of the Forum of the convenient features used in the country more widely. Previously had a rough turn of the change the forum code found aXSSvulnerabilities, due to school...
CVE-2006-1427
CVE-2006-1427 involves multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier. The affected component is the web application’s CGI interfaces, specifically cgi-bin/index.cgi (parameters: action, id, num, board, cat, real, viewcat, img, curcatname) and /mods/calendar/i...
Stoney FTPd - rxBot mods ftpd Denial of Service
Stoney FTPd - rxBot mods ftpd Denial of Service / untested /str0ke / / rx-dos.c by D-oNe There exists a buffer overflow in Stoneys FTPd that most rxBot mod's use. The problem lies in how the code parses the PORT command and gives an opportunity for a buffer overflow. Problem is that the ftpd also...
Stoney FTPd - 'rxBot mods ftpd' Denial of Service
/ untested /str0ke / / rx-dos.c by D-oNe There exists a buffer overflow in Stoneys FTPd that most rxBot mod's use. The problem lies in how the code parses the PORT command and gives an opportunity for a buffer overflow. Problem is that the ftpd also uses select to handle multiple connections. So...
DC++ and its mods remote DoS in bzip2 decompression routine
DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...