242 matches found
Brightstation Muscat 1.0 Root Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2374/info Making an invalid request to a machine running Brightstation Muscat will disclose the physical path to the root directory. http://target/cgi-bin/empower?DB=UkRteamHole http://target/cgi-bin/empower?DB=UkRteamHo...
Captaris Infinite Mobile Delivery Webmail 2.6 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12399/info Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application...
SAPID Shop <= 1.2 (root_path) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63795' ssvid version = '1.0' author = '皮皮' vulDate = '2006-08-09' createDate = '2015-12-24...
UBUNTU-CVE-2013-6456
The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the virDomainDeviceAttach API and a symlink attack on /dev in th...
Paliz CMS Full Path Disclosure Vulnerability
Title: Paliz CMS Full Path Disclosure Vulnerability Vulnerable Version: all versions Vendor URL: http://palizct.com Impact: Low =========================== Vulnerability Description: =========================== Full Path Disclosure Vulnerability, enable the attacker to see the root path...
Apache Tomcat Examples Web Root Path Disclosure
The instance of Apache Tomcat listening on the remote host is affected by an information disclosure vulnerability. An attacker is able to determine the Tomcat application's web root path by requesting any one of numerous example files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
IIS 5.0 PERL IISAPI Extension Server Root Path Enumeration
No description provided by source...
Piwigo v2.0.6 Multiple Vulnerabilities
Exploit for unknown platform in category web applications ========================================= Piwigo : mysqlfetcharray expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\piwigo-2.0.6\include\functions.inc.php on line 936 The parentid and imageid and unsanitized however...
Piwigo 2.0.6 - Multiple Vulnerabilities
Piwigo 2.0.6 - Multiple Vulnerabilities Piwigo v2.0.6 Multiple Vulnerabilities Found By: mrme Download: http://piwigo.org/ Tested On: Windows Vista Note: For educational purposes only Vulnerabilities: XSS, CSRF, SQL Injection Author contact date: 13/12/09 Note: There is possibly many other...
Thatware <= 0.5.3 Multiple Remote File Include Exploit
No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Thatware = 0.5.3 Multiple Remote File Include Exploit Download Script : http://sourceforge.net/projects/thatware/files Vuln : ./thatwarepath/config.php line 4 ?php include $rootpath."dbsettings.php"; ? PoC :...
Mura CMS 5.1 - Root Path Disclosure
Mura CMS 5.1 - Root Path Disclosure ONSEC-09-020 Mura CMS root folder disclosure Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir Vorontsov OnSec Russian Security Group...
Mura CMS 5.1 - Root Path Disclosure
ONSEC-09-020 Mura CMS root folder disclosure Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: content...
PT-2008-2764 · Phpbb · 123 Flash Chat Module
Name of the Vulnerable Software and Affected Versions: 123 Flash Chat Module for phpBB affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter to 1 "123flashchat.php" and 2 "phpbb login chat.php"...
CVE-2007-6657
PHP remote file inclusion vulnerability in source/includes/loadforum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfhrootpath parameter...
CVE-2007-6655
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
Kontakt Formular 1.4 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ======================================================== Kontakt Formular 1.4 Remote File Inclusion Vulnerability ======================================================== ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +...
PT-2007-6257 · Universibo · Universibo
Name of the Vulnerable Software and Affected Versions: UniversiBO version 1.3.4 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in the htmls/forum/includes/topic review.php file. This is due to a remote file inclusion...
PT-2007-4474 · Mybloggie · Mybloggie
Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.5 Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the bloggie root path parameter to several PHP files, including config.php, db.php, template.php, functions.php,...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...
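MXBB MX Smartor Module PHPBB_Root_Path Remote File Inclusion Vulnerability
mxBB Smartor Album module is a PHP-based web application. The mxBB Smartor Album module does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'adminalbumotf.php' script does not filter the user-supplied 'PHPBBRootPath' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. mxBB Smartor Album module 2.0 RC1 No solution is currently available: http://www.mx-system.com/...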