Lucene search
K

1341 matches found

Packet Storm
Packet Storm
added 2007/06/15 12:0 a.m.28 views

cjay-rfi.txt

/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title Cjay Content 3 WYSIWYG IE 5.5+ Remote File Inclusion Vulnerability Description Editor module for XOOPS CMS Vuln Code In...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/06/15 12:0 a.m.21 views

Xoops XFsection模块Dir_Module参数远程文件包含漏洞

Xoops XFsection是一款基于PHP的WEB应用程序。 Xoops XFsection不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于脚本对用户提交的'xoopsConfigrootpath'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Xoops XFsection Module 1.07 目前没有详细解决方案提供: http://www.xoops.org/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/06/15 12:0 a.m.22 views

popnupblog.txt

/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title PopnupBlog XOOPS Module Remote File Inclusion Vulnerability Description Blogging module for XOOPS CMS Vuln Code In /class/sendmail.php includeonce...

7.4AI score
Exploits0
canvas
canvas
added 2007/06/14 11:30 p.m.31 views

Immunity Canvas: XOOPS_CJCONTENT

Name| xoopscjcontent ---|--- CVE| CVE-2007-3220 Exploit Pack| CANVAS Description| Xoops Cjaycontent Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3220 CVE Name: CVE-2007-3220...

6.8CVSS1AI score0.62746EPSS
Exploits1
NVD
NVD
added 2007/06/14 11:30 p.m.31 views

CVE-2007-3220

PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...

6.8CVSS7.2AI score0.62746EPSS
Exploits1References5
NVD
NVD
added 2007/06/14 11:30 p.m.18 views

CVE-2007-3221

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

6.8CVSS7.2AI score0.67812EPSS
Exploits1References6
canvas
canvas
added 2007/06/14 11:30 p.m.61 views

Immunity Canvas: XOOPS_XTCONTEUDO

Name| xoopsxtconteudo ---|--- CVE| CVE-2007-3221 Exploit Pack| CANVAS Description| Xoops XT-Conteudo Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3221 CVE Name: CVE-2007-3221...

6.8CVSS0.9AI score0.67812EPSS
Exploits1
NVD
NVD
added 2007/06/14 11:30 p.m.12 views

CVE-2007-3222

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...

7.5CVSS7.6AI score0.07438EPSS
Exploits1References3
Prion
Prion
added 2007/06/14 11:30 p.m.26 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

6.8CVSS7.3AI score0.67812EPSS
Exploits1References6
Prion
Prion
added 2007/06/14 11:30 p.m.15 views

Remote file inclusion

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...

7.5CVSS7.8AI score0.07438EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2007/06/14 11:0 p.m.68 views

CVE-2007-3222

Summary (CVE-2007-3222) : A PHP remote file inclusion vulnerability exists in the XFSection 1.07 module for XOOPS, specifically in modify.php where the dir_module parameter is unsafely used to include PHP code. This allows an attacker to cause arbitrary PHP code execution by supplying a crafted U...

7.5CVSS7.6AI score0.07438EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2007/06/14 11:0 p.m.18 views

CVE-2007-3221

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

7.2AI score0.67812EPSS
Exploits1References6
Cvelist
Cvelist
added 2007/06/14 11:0 p.m.21 views

CVE-2007-3222

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...

7.6AI score0.07438EPSS
Exploits1References3
CVE
CVE
added 2007/06/14 11:0 p.m.53 views

CVE-2007-3221

CVE-2007-3221 is a PHP remote file inclusion in XOOPS XT-Conteudo module; the vulnerable file is admin/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code. The issue is noted as probably a duplicate of CVE-2006-4656. Related entries (CVE-200...

6.8CVSS7.2AI score0.67812EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2007/06/14 11:0 p.m.67 views

CVE-2007-3220

CVE-2007-3220 affects the Cjay Content 3 module for XOOPS, specifically admin/editor2/spaw_control.class.php, where the spaw_root parameter enables PHP remote file inclusion. The underlying issue is improper handling/validation of spaw_root, allowing an attacker to cause arbitrary PHP code execut...

6.8CVSS7.5AI score0.62746EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/06/14 12:0 a.m.39 views

XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion

The remote host is running XFSection, a third-party module for XOOPS. The version of this module installed on the remote host fails to sanitize input to the 'dirmodule' parameter of the 'modify.php' script before using it to include PHP code. Regardless of PHP's 'registerglobals' setting, an...

7.5CVSS6AI score0.07438EPSS
Exploits1References1
seebug.org
seebug.org
added 2007/06/14 12:0 a.m.32 views

XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability

No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title XT-Conteudo XOOPS Module Remote File Inclusion&n...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/14 12:0 a.m.57 views

XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability

No description provided by source. XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/06/14 12:0 a.m.28 views

xoops-xfsection.txt

XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug : http://www.site.com/modules/xfsection/modify.php?dirmodule=evilcode.txt? Shoutz t0 :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/06/14 12:0 a.m.27 views

XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability

No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title Cjay Content 3 WYSIWYG IE 5.5+ Remote Fi...

7.1AI score
Exploits0
Rows per page
Query Builder