Lucene search
+L

33 matches found

Prion
Prion
added 2007/07/05 8:30 p.m.14 views

Code injection

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into 1 a score.txt file via the score parameter, or 2 a setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php...

7.5CVSS8AI score0.02312EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/07/05 8:0 p.m.26 views

CVE-2007-3587

MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php...

7.2AI score0.02887EPSS
Exploits1References6
Cvelist
Cvelist
added 2007/07/05 8:0 p.m.21 views

CVE-2007-3586

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into 1 a score.txt file via the score parameter, or 2 a setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php...

7.5AI score0.02312EPSS
Exploits1References4
Cvelist
Cvelist
added 2007/07/05 8:0 p.m.21 views

CVE-2007-3585

PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

7.6AI score0.0234EPSS
Exploits1References3
CVE
CVE
added 2007/07/05 8:0 p.m.46 views

CVE-2007-3587

CVE-2007-3587 affects MyCMS 0.9.8 and earlier. The vulnerability allows remote attackers to gain privileges by exploiting the admin cookie parameter, demonstrated via a POST to admin/settings.php that injects PHP code into settings.inc, which can then be executed by requesting index.php. This des...

7.5CVSS7.2AI score0.02887EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2007/07/05 8:0 p.m.40 views

CVE-2007-3586

CVE-2007-3586 affects MyCMS 0.9.8 and earlier. Multiple direct static code injection vulnerabilities allow remote attackers to inject arbitrary PHP into (1) _score.txt via the score parameter, or (2) _setby.txt via a login cookie, which is then included by games.php. The description notes that pr...

7.5CVSS7.5AI score0.02312EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2007/07/05 8:0 p.m.58 views

CVE-2007-3585

CVE-2007-3585 describes a PHP remote file inclusion in the MyCMS web application (versions 0.9.8 and earlier). The vulnerability occurs in the games.php component, where an attacker can supply a URL in the id parameter to cause the system to include and execute arbitrary PHP code on the server. T...

7.5CVSS7.6AI score0.0234EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2007/07/04 12:0 a.m.35 views

MyCMS <= 0.9.8 Remote Command Execution Exploit (2 method)

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " MyCMS = 0.9.8 Remote Command Execution Exploit 2 method by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/07/03 12:0 a.m.24 views

MyCMS 0.9.8 - Remote Command Execution (2)

MyCMS 0.9.8 - Remote Command Execution 2 !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argcNo new score set"; elseif $score $data $file1 = "snakescore.txt"; $file2 = "snakesetby.txt"; $file1h = fopen$file1, 'w' or die"can't open file"; $file2h =...

0.1AI score
Exploits0
0day.today
0day.today
added 2007/07/03 12:0 a.m.53 views

MyCMS <= 0.9.8 Remote Command Execution Exploit

Exploit for unknown platform in category web applications =============================================== MyCMS 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0;...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/07/03 12:0 a.m.33 views

MyCMS <= 0.9.8 Remote Command Execution Exploit (2 method)

Exploit for unknown platform in category web applications ========================================================== MyCMS No new score set"; elseif $score $data $file1 = "snakescore.txt"; $file2 = "snakesetby.txt"; $file1h = fopen$file1, 'w' or die"can't open file"; $file2h = fopen$file2, 'w' or...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/07/03 12:0 a.m.32 views

MyCMS 0.9.8 - Remote Command Execution (2)

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argcNo new score set"; elseif $score $data $file1 = "snakescore.txt"; $file2 = "snakesetby.txt"; $file1h = fopen$file1, 'w' or die"can't open file"; $file2h = fopen$file2, 'w' or die"can't open file"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/07/03 12:0 a.m.38 views

MyCMS 0.9.8 - Remote Command Execution (1)

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

7.4AI score
Exploits0
Rows per page
Query Builder