1978 matches found
PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion Vulnerability
No description provided by source. ECHOADV43$2006 PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion...
PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion Vulnerability
No description provided by source. ECHOADV44$2006 PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion...
MyBlog 0.9.8 Settings.PHP Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23521/info MyBlog is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code...
Gallery 1.4 index.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includes the...
YapBB 1.2 'class_yapbbcooker.php' Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30686/info YapBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP...
Ottoman CMS <= 1.1.3 (default_path) Remote File Inclusion Exploit
No description provided by source. #!/usr/bin/perl use IO::Socket; Jacek Wlodarczyk j4ck - jacekwloatgmaildotcom Title: Ottoman CMS <= 1.1.3 Remote File Inclusion Exploit Application: Ottoman Content Management System Version: 1.1.3 and prior Url: http://www.lowter.com/p/ottoman Affected software...
Mambo Open Source 4.5/4.6 mod_mainmenu.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a...
Pearl Forums 2.4 - Multiple Remote File Include Vulnerabilities
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '64261' ssvid version = '1.0' author = 'kikay' vulDate = '2006-11-21' createDate ...
PHPOutsourcing Zorum 3.x Remote Include Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence the location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands...
GNUBoard 4.31.04 (09.01.30) Multiple Local/Remote Vulnerabilities
No description provided by source. GNUBoard V4.31.04 (09.01.30) Multiple Local/Remote Vulnerability by [email protected] / SIR GNUBoard VERSION 4.31.04 (09.01.30) is a widely used bulletin board system of Korea. It is freely available for all platforms that support PHP and MySQL. But we find a file...
SimpleBBS 1.0.6/1.0.7/1.1 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to...
TextPattern <= 1.19 (publish.php) Remote File Inclusion Vulnerability
No description provided by source. TextPattern <= 1.19 txpcfgtxpath Remote File Inclusion Vulnerability. Author : Zeni Susanto A.K.A Bithedz Date...
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. Release date: November 11th, 2009. Discovered by: Dawid Golunski. Severity: Moderately High. I. VULNERABILITY: WordPress <= 2.8.5 Unrestricted...
Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
No description provided by source. Files: options.php, save.php Affects: Chatness <= 2.5.3 Date: 12th April 2007 Issue Description: Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...
PHPWebSite 0.x Image File Processing Remote Arbitrary PHP File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded when submitting an...
Shop-Script FREE <= 2.0 - Remote Command Execution Exploit
No description provided by source. <?php Shop-Script FREE <= 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magic_quotes_gpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo --------------------------------------------------------\n; echo Shop-Script...
Xcms 1.1/1.7 Password Parameter Arbitrary PHP Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary...
omegabill 1.0 build 6 - Multiple Vulnerabilities
No description provided by source. Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt Software: OmegaBill v1.0 Build 6. Vulnerability: Arbitrary PHP Execution...
Ultimate PHP Board 1.9 admin_iplog.PHP Arbitrary PHP Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
No description provided by source. File: shoutbox.php Affects: ShoutPro 1.5.2 (may affect earlier versions) Date: 17th April 2007 Issue Description: ShoutPro 1.5.2 fails to fully sanitize user input $shout that it writes...