Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the 2 fmdataroot parameter to a includes/config/master.inc.php or b...

CVE-2007-2891

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the 2 fmdataroot parameter to a includes/config/master.inc.php or b...

Sql injection

Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information...

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...

PT-2007-4082

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description The issue allows remote attackers to determine the existence of certain user accounts. This is possible when OpenSSH is using OPIE One-Time Passwords in Everything for PAM. The system display...

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...

miniwebshop2-xss.txt

-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...

PMECMS 1.0 - config[pathMod] Remote File Inclusion

PMECMS = 1.0 Multiple Remote File Inclusion Vulnerabilities D.Script: http://www.pmecms.com/export/maj/PMECMSStandardos1.0.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/mod/image/index.php?configpathMod=Shell Exploit:Path/mod/liens/index.php?configpathMod=Shell...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to 1 localize.php or 2 config.php in modules/admin/include/...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...

CVE-2007-2422

Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...

CVE-2007-2422

The CVE-2007-2422 issue affects Comdev One Admin Modules Builder (modbuild) v4.1. A PHP Remote File Inclusion vulnerability exists via the path[docroot] parameter to the endpoints (1) config-bak.php and (2) config.php, enabling remote code execution. Root cause notes indicate unmodified scripts s...

PT-2007-3754 · Comdev · Comdev One Admin Modules Builder

Name of the Vulnerable Software and Affected Versions: Comdev One Admin Modules Builder modbuild version 4.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 "config-bak.php" or 2 "config.php" endpoints. However, it's noted...

CVE-2007-2422

Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...

phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

No description provided by source. !-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John...

Firefly 1.1.01 - 'doc_root' Remote File Inclusion

firefly 1.1.01 = Remote File Include Vulnerablitiy D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com ====================================...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System LMS 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643...