
61 matches found

Cvelist
added 2007/08/31 11:0 p.m., 27 views

CVE-2007-4641

Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file...

7.2 AI score, 0.02666 EPSS
Exploits 0, References 3

Prion
added 2007/03/23 10:19 p.m., 12 views

Directory traversal

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...

7.5 CVSS, 7.5 AI score, 0.0295 EPSS
Exploits 1, References 5, Affected Software 1

NVD
added 2007/03/23 10:19 p.m., 10 views

CVE-2007-1636

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...

7.5 CVSS, 7 AI score, 0.0295 EPSS
Exploits 1, References 5

Cvelist
added 2007/03/23 10:0 p.m., 18 views

CVE-2007-1636

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...

7 AI score, 0.0295 EPSS
Exploits 1, References 5

NVD
added 2007/03/20 10:19 p.m., 21 views

CVE-2007-1539

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file...

4.3 CVSS, 7.2 AI score, 0.03151 EPSS
Exploits 0, References 6

Cvelist
added 2007/03/20 10:0 p.m., 26 views

CVE-2007-1539

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file...

7.2 AI score, 0.03151 EPSS
Exploits 0, References 6

CVE
added 2007/03/20 10:0 p.m., 40 views

CVE-2007-1539

The CVE-2007-1539 entry concerns a Directory traversal vulnerability in the pragmaMX Landkarten 2.1 module, specifically in inc/map.func.php, where an attacker can include arbitrary files through a .. sequence in the module_name parameter. This was demonstrated via a static PHP code injection in ...

4.3 CVSS, 7.2 AI score, 0.03151 EPSS
Exploits 0, References 6, Affected Software 1

seebug.org
added 2006/11/03 12:0 a.m., 22 views

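VMware ESX Multiple Sensitive Information Disclosure Vulnerabilities

VMware ESX Server is enterprise-class virtual machine software suitable for any system environment. The VMware ESX Server management interface uses session IDs held in two cookies (vmware.mui.kid and vmware.mui.sid). The session ID format is proprietary and contains the user account and password in simple base64-encoded form. If an attacker can gain access to the cookies through any mechanism (such as a cross-site scripting attack), the authentication credentials can be obtained. The VMware ESX Server management interface allows users to change passwords. The root user can also change other users' passwords. When a password is changed, an HTML form asks the user to enter and confirm the new password, and then via HTTP...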

7.1 AI score
Exploits 0

Exploit DB
added 2006/08/13 12:0 a.m., 40 views

XMB 1.9.6 Final - 'basename()' Remote Command Execution

!/usr/bin/php -q -d shortopentag=on ? echo "XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: "Powered by XMB"\n\n"; / works regardless of php.ini settings /...

7.4 AI score
Exploits 0

Saint
added 2006/06/23 12:0 a.m., 19 views

BASE base_qry_common.php file include

Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background: Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine (BASE) is a web interface for analyzing Snort results. Problem: If the register_globals PHP option is enabled, the base_qry_common.php scrip...

4 CVSS, 6.5 AI score, 0.49185 EPSS
Exploits 11

0day.today
added 2006/03/15 12:0 a.m., 53 views

php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================ php iCalendar arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; short explanation: phpICal stores language & template user preferences inside...

7.1 AI score
Exploits 0

exploitpack
added 2006/03/15 12:0 a.m., 10 views

PHP iCalendar 2.21 - cookie Remote Code Execution

PHP iCalendar 2.21 - cookie Remote Code Execution !/usr/bin/php -q -d shortopentag=on arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; short explanation: phpICal stores language & template user preferences...

0.4 AI score
Exploits 0

seebug.org
added 2006/03/15 12:0 a.m., 29 views

php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "php iCalendar =2.21 "cookielanguage"/"cookiestyle" remote cmmnds xctn\r\n"; echo "- arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodATautisticiDOTorg\r\n"; echo "site:...

7.1 AI score
Exploits 0

Exploit DB
added 2006/03/15 12:0 a.m., 44 views

PHP iCalendar 2.21 - 'cookie' Remote Code Execution

!/usr/bin/php -q -d shortopentag=on arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; short explanation: phpICal stores language & template user preferences inside cookies. These values are used to include...

7.4 AI score
Exploits 0

Exploit DB
added 2006/03/13 12:0 a.m., 64 views

Simple PHP Blog 0.4.7.1 - Remote Command Execution

!/usr/bin/perl use IO::Socket; print "Simple PHP Blog this works with magicquotesgpc = Off\r\n\r\n"; short explanation: we have this code in install05.php: ... script is not deleted after installation, so, if magicquotesgpc = Off, you can include an arbitrary file from local resources, poc:...

7.4 AI score
Exploits 0

Packet Storm
added 2005/10/18 12:0 a.m., 30 views

wagora420_xpl.txt

W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...

7.4 AI score
Exploits 0

NVD
added 2003/11/17 5:0 a.m., 17 views

CVE-2003-0844

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the...

7.1 CVSS, 6.9 AI score, 0.00315 EPSS
Exploits 0, References 1

Cvelist
added 2003/10/09 4:0 a.m., 21 views

CVE-2003-0843

Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding...

7.8 AI score, 0.02266 EPSS
Exploits 0, References 1

CVE
added 2003/10/09 4:0 a.m., 60 views

CVE-2003-0843

CVE-2003-0843 concerns a format-string vulnerability in mod_gzip_printf within mod_gzip (v1.3.26.1a and earlier, possibly later builds) when running in debug mode and handling HTTP requests with Accept-Encoding: gzip. A remote attacker can cause arbitrary code execution by supplying format-string...

7.5 CVSS, 7.8 AI score, 0.02266 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2002/07/25 12:0 a.m., 25 views

Potential remote root in CodeBlue log scanner

TITLE: Potential remote root in CodeBlue log scanner NAME: DEMI SEX GOD FROM HELL ADV 00001 DATE: YES, PLEASE MAIL ME IF YOU ARE FEMALE send pictures CRAZY TRACKING NUMBER THAT MAKES IT LOOK LIKE I HAVE SOME MASSIVE DATABASE OF JUAREZ: 7363A64B02 Props to dme@! Information ----------- About:...

7.7 AI score
Exploits 0