1341 matches found
cjay-rfi.txt
/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title Cjay Content 3 WYSIWYG IE 5.5+ Remote File Inclusion Vulnerability Description Editor module for XOOPS CMS Vuln Code In...
Xoops XFsection模块Dir_Module参数远程文件包含漏洞
Xoops XFsection是一款基于PHP的WEB应用程序。 Xoops XFsection不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于脚本对用户提交的'xoopsConfigrootpath'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Xoops XFsection Module 1.07 目前没有详细解决方案提供: http://www.xoops.org/...
popnupblog.txt
/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title PopnupBlog XOOPS Module Remote File Inclusion Vulnerability Description Blogging module for XOOPS CMS Vuln Code In /class/sendmail.php includeonce...
Immunity Canvas: XOOPS_CJCONTENT
Name| xoopscjcontent ---|--- CVE| CVE-2007-3220 Exploit Pack| CANVAS Description| Xoops Cjaycontent Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3220 CVE Name: CVE-2007-3220...
CVE-2007-3220
PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Immunity Canvas: XOOPS_XTCONTEUDO
Name| xoopsxtconteudo ---|--- CVE| CVE-2007-3221 Exploit Pack| CANVAS Description| Xoops XT-Conteudo Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3221 CVE Name: CVE-2007-3221...
CVE-2007-3222
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...
CVE-2007-3222
Summary (CVE-2007-3222) : A PHP remote file inclusion vulnerability exists in the XFSection 1.07 module for XOOPS, specifically in modify.php where the dir_module parameter is unsafely used to include PHP code. This allows an attacker to cause arbitrary PHP code execution by supplying a crafted U...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3222
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dirmodule parameter...
CVE-2007-3221
CVE-2007-3221 is a PHP remote file inclusion in XOOPS XT-Conteudo module; the vulnerable file is admin/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code. The issue is noted as probably a duplicate of CVE-2006-4656. Related entries (CVE-200...
CVE-2007-3220
CVE-2007-3220 affects the Cjay Content 3 module for XOOPS, specifically admin/editor2/spaw_control.class.php, where the spaw_root parameter enables PHP remote file inclusion. The underlying issue is improper handling/validation of spaw_root, allowing an attacker to cause arbitrary PHP code execut...
XOOPS XFSection Module modify.php dir_module Parameter Remote File Inclusion
The remote host is running XFSection, a third-party module for XOOPS. The version of this module installed on the remote host fails to sanitize input to the 'dirmodule' parameter of the 'modify.php' script before using it to include PHP code. Regardless of PHP's 'registerglobals' setting, an...
XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title XT-Conteudo XOOPS Module Remote File Inclusion&n...
XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
No description provided by source. XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug :...
xoops-xfsection.txt
XOOPS Module XFsection Remote File Inclusion version: 1.07 source : http://prdownloads.sourceforge.net/xoops/xoops2-modxfsection-107.zip Discovered by SpLo1T from hTTp://hacking.3Xforum.Ro Bug : http://www.site.com/modules/xfsection/modify.php?dirmodule=evilcode.txt? Shoutz t0 :...
XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title Cjay Content 3 WYSIWYG IE 5.5+ Remote Fi...