69 matches found
OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/66251/info OpenX is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead ...
Authentication flaw
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files...
DEBIAN-CVE-2009-2853
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to 1 admin-footer.php, 2 edit-category-form.php, 3 edit-form-advanced.php, 4 edit-form-comment.php, 5 edit-link-category-form.php, 6 edit-link-form.php, 7 edit-page-form.php, and 8 edit-tag-form.php in wp-admin...
CMS chainuk 1.2 - Multiple Vulnerabilities
CMS Chainuk = v.1.2 Vulns Home: Cms.tut.su Dork: "Cms.tut.su, 2009 g." eLwauxc 14.06.2 LFI /index.php --------------------------------------------------------------------------- 6: if isset$GET 'id' 7: 8: color=white$id = $GET 'id';/color 9: 10: else 11: 12: $id = $index; 13: 14: if fileexists...
Campsite 'g_campsiteDir' Remote and Local File Inclusion Vulnerabilities
This host is running Campsite and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodcampsitemultvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Campsite 'gcampsiteDir' Remote and Local File Inclusion Vulnerabilities Authors: Sharath S Copyright: Copyright c 2009 SecPod,...
CVE-2009-2182
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgcampsiteDir parameter to 1 adpopup.php, 2 camphtml.php, 3 initcontent.php, 4 logout.php, 5 menu.php, and 6 set-author.php in admin-files/; 7...
CVE-2009-2181
Cross-site scripting XSS vulnerability in admin-files/templates/listdir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter...
CVE-2009-2182
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgcampsiteDir parameter to 1 adpopup.php, 2 camphtml.php, 3 initcontent.php, 4 logout.php, 5 menu.php, and 6 set-author.php in admin-files/; 7...
PNphpBB2 <= 1.2i (ModName) Multiple LFI Vulnerabilities
No description provided by source. +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | PNphpBB2 = 1.2i ModName Multiple LFI Vulnerabilities | Note | +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | discovered by athos -...
EUVD-2008-3495
LoveCMS 1.6.2 does not require administrative authentication for 1 addblock.php, 2 blocks.php, and 3 themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors...
Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability
Exploit for unknown platform in category web applications ============================================================ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability ============================================================...
PT-2007-5481 · Unknown · X-Script Guestbook
Name of the Vulnerable Software and Affected Versions: Guestbook Script version 1.9 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the script root parameter to various PHP files, including 'delete.php', 'edit.php', 'inc/common.inc.php', 'database.php',...
MyCMS <= 0.9.8 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =============================================== MyCMS 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0;...
inoutse-exec.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc this is not a protection for two reasons: i everyone can make a cookie with false credentials ii there isn't any exit or die function after header'Location: index.php' Now look at create...
Inout Search Engine (all version) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =============================================================== Inout Search Engine all version Remote Code Execution Exploit =============================================================== !/usr/bin/php -q -d shortopentag=on this is not a...
Authentication flaw
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php...
EUVD-2007-0559
Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to 1 adminlinkdb.php, 2 adminforumprune.php, 3 adminextensions.php, 4 adminboard.php, 5 adminattachments.php, or 6 adminusers.php in...
PHP Simple Shop 2.0 - abs_path Remote File Inclusion
PHP Simple Shop 2.0 - abspath Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV44$2006 ------------------------------------------------------------------------------ ECHOADV44$2006 PHP Simple Shop = 2.0 abspath Remote File Inclusion...
PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ===================================================================== PHP Simple Shop = 2.0 abspath Remote File Inclusion Vulnerability ===================================================================== \ /\ \ / | \ \ | / \ // / | \ |...
indexu501.txt
Discovered By CrAshoVeRrIdE indexu remote file include -------------------------- site of script:http://www.nicecoder.com/ ------------------------------------------------- Vulnerable: INDEXU v5.0.1 file include ------------ include$admintemplatepath."msg.php"; admintemplatepath parameter File...