Lucene search

369 matches found

0day.today
added 2008/09/06 12:0 a.m. (24 views)

MemHT Portal <= 3.9.0 Remote Create Shell Exploit

Exploit for unknown platform in category web applications. MemHT Portal <= 3.9.0 Remote Create Shell Exploit. #!/usr/bin/perl MemHT Portal <= 3.9.0 Perl exploit discovered & written by Ams DESCRIPTION:...

7.1 AI score
Exploits: 0

Exploit DB
added 2008/09/06 12:0 a.m. (48 views)

MemHT Portal 3.9.0 - Remote Create Shell

#!/usr/bin/perl MemHT Portal <= 3.9.0 Perl exploit discovered & written by Ams ax330d doggy gmail dot com DESCRIPTION: Script /inc/incstatistics.php accepts unfiltered $COOKIE's, $COOKIE'statsres' which later goes to MySQL request. So we are able to make sql injection. This exploit tries to create...

7 AI score
Exploits: 0

exploitpack
added 2008/09/06 12:0 a.m. (29 views)

MemHT Portal 3.9.0 - Remote Create Shell

MemHT Portal 3.9.0 - Remote Create Shell #!/usr/bin/perl MemHT Portal <= 3.9.0 Perl exploit discovered & written by Ams ax330d doggy gmail dot com DESCRIPTION: Script /inc/incstatistics.php accepts unfiltered $COOKIE's, $COOKIE'statsres' which later goes to MySQL request. So we are able to make sql...

7.5 AI score
Exploits: 0

Exploit DB
added 2008/06/19 12:0 a.m. (24 views)

CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection

#!/usr/bin/perl CaupoShop Classic 1.3 Remote Exploit Bug by: h0yt3r Dork: inurl:cscarticledetails.php Couldn't find a stable dork for this specific Version. Exploit will only work on correct version. I found this long time ago but never actually shared it. As the userid's are a bit messy you will...

7.4 AI score
Exploits: 0

securityvulns
added 2007/11/02 12:0 a.m. (70 views)

Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original here:...

0.3 AI score
Exploits: 0

Packet Storm
added 2007/11/01 12:0 a.m. (25 views)

syner-lfi.txt

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original here: http://www.inj3ct-it.org/exploit/syner.txt...

7.4 AI score
Exploits: 0

CVE
added 2007/10/24 11:0 p.m. (41 views)

CVE-2003-1486

CVE-2003-1486 affects Phorum 3.4 to 3.4.2. An incorrect HTTP request to one of nine scripts (smileys.php, quick_listrss.php, purge.php, news.php, memberlist.php, forum_listrss.php, forum_list_rdf.php, forum_list.php, move.php) can make the server leak its full path in an error message. This is a ...

5 CVSS, 6.8 AI score, 0.01186 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2007/10/24 11:0 p.m. (47 views)

CVE-2003-1468

Technical details beyond the CVE description are not provided in the supplied documents. Monitor for updates from authoritative sources to confirm affected versions, impact, and fixes.

4.3 CVSS, 7.1 AI score, 0.02272 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2007/10/24 11:0 p.m. (23 views)

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...

6.5 AI score, 0.06722 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2007/06/11 12:0 a.m. (4 views)

security flaw

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

5 CVSS, 5.9 AI score, 0.03046 EPSS
Exploits: 0, References: 4

securityvulns
added 2007/05/21 12:0 a.m. (48 views)

[Full-disclosure] Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 27 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...

5 CVSS, 6.6 AI score, 0.01614 EPSS
Exploits: 1

Cvelist
added 2007/03/07 8:0 p.m. (14 views)

CVE-2006-7154

Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/...

6.7 AI score, 0.01442 EPSS
Exploits: 0, References: 6

CVE
added 2007/03/07 8:0 p.m. (37 views)

CVE-2006-7154

The CVE concerns Iono: remote attackers can obtain the full server path by crafting requests to templates/iono/admin/denied.tpl.php, templates/iono/admin/index.tpl.php, and other files under templates/. The vulnerability description indicates a server path disclosure via file requests in the temp...

5 CVSS, 7 AI score, 0.01442 EPSS
Exploits: 0, References: 6, Affected Software: 1

exploitpack
added 2007/02/19 12:0 a.m. (12 views)

Spyce 2.1.3 - spyceexamplesrequest.spy?name Cross-Site Scripting

Spyce 2.1.3 - spyceexamplesrequest.spy?name Cross-Site Scripting source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execu...

6.8 AI score
Exploits: 0

UbuntuCve
added 2007/01/19 2:28 a.m. (31 views)

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

5 CVSS, 6 AI score, 0.04391 EPSS
Exploits: 0, References: 1

OSV
added 2007/01/19 2:28 a.m. (2 views)

DEBIAN-CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

5 CVSS, 7 AI score, 0.04391 EPSS
Exploits: 0, References: 1

OSV
added 2007/01/19 2:28 a.m. (10 views)

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

6.5 AI score
Exploits: 0, References: 4

CVE
added 2007/01/19 2:0 a.m. (63 views)

CVE-2006-6943

PhpMyAdmin prior to 2.9.1.1 is affected by a path-disclosure vulnerability. Remote attackers can obtain the full server path by making direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php, as well as by supplying any of the following arguments to index.php: ...

5 CVSS, 6.6 AI score, 0.04391 EPSS
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2007/01/19 2:0 a.m. (19 views)

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

5 CVSS, 6.4 AI score, 0.04391 EPSS
Exploits: 0

ATTACKERKB
added 2006/12/04 11:28 a.m. (2 views)

CVE-2006-6273

spindex.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message...

7.5 CVSS, 5.6 AI score, 0.01345 EPSS
Exploits: 0, References: 4