CVE-2008-2340

CVE-2008-2340 affects News Manager 2.0 with multiple SQL injection vulnerabilities. Remote attackers can exploit the (1) lang parameter in advsearch.php, archive.php, and index.php, and the (2) pid parameter in list_tagitems.php to execute arbitrary SQL commands. The entry is documented with a hi...

CVE-2008-0255

SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter...

CVE-2008-0255

CVE-2008-0255 affects iGaming archive.php vulnerable versions 1.5 and 1.3.1 and earlier. The root cause is an SQL injection via the section parameter, allowing remote attackers to execute arbitrary SQL commands. Impact per sources is partial confidentiality, integrity, and availability. The NVD e...

backupword-rfi.txt

--------------------------------- Xmors Underground Team ! -------------------------------------- Title : BackUpWordPress = 0.4.2b Remote File Inclusion Vulnerability -------------------------------------------------------------------------------- Author: S.W.A.T. cont@ct: [email protected]...

NcasterCMS Archive.PHP远程文件包含漏洞

NcasterCMS是一款基于PHP的WEB应用程序。 NcasterCMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以应用程序进程权限执行任意命令。 问题是由于'Archive.PHP'脚本对用户提交的'adminfolder'参数缺少过滤，提交远程服务器上的任意PHP文件作为包含对象，可导致以WEB权限执行任意PHP代码。 Nathan O'shea NcasterCMS 1.7.2 目前没有解决方案提供： http://www.ncastercms.com/...

CVE-2007-4320

CVE-2007-4320 pertains to Ncaster 1.7.2, where a PHP remote file inclusion vulnerability exists in admin/addons/archive/archive.php. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL through the adminfolder parameter. Public references (Exploit-DB, Secunia, X-Force...

ncaster-rfi.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Scripts : Ncaster 1.7.2 Discovered By : k1n9k0ng Scripts site : http://ncastercms.com/downloads/ncaster172.zip Thanks To : sekuritionline, semprol, mimid, r.i.p, x-code, yogyafree special To : adhietslank,...

Ncaster 1.7.2 - archive.php Remote File Inclusion

Ncaster 1.7.2 - archive.php Remote File Inclusion +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Scripts : Ncaster 1.7.2 Discovered By : k1n9k0ng Scripts site : http://ncastercms.com/downloads/ncaster172.zip Thanks To : sekuritionline, semprol, mimid,...

Ncaster 1.7.2 (archive.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =============================================================== Ncaster 1.7.2 archive.php Remote File Inclusion Vulnerability ===============================================================...

shnew31-rfi.txt

Found By : Hasadya Raed Contact : [email protected] --------------------------- Script : SH-News 3.1 Dork : "Powered by SH-News 3.1" Greetz : Guardian Information Systems --------------------------- B.Files : report.php archive.php comments.php init.php news.php Exploits :...

CVE-2007-1965

Multiple cross-site scripting XSS vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the setlang parameter to 1 archive.php, 2 article.php, 3 index.php, or 4 topics.php...

Simplog Archive.PHP SQL注入漏洞

Simplog是一款基于PHP的WEB应用程序。 Simplog不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'CopyCactiUser.PHP'脚本对用户提交的'pid'参数缺少过滤，提交恶意脚本代码作为参数数据，可导致获得敏感信息。 Simplog Simplog 0.9.3 .2 目前没有解决方案提供： http://www.simplog.org/...

simplog0932.txt

Afected Software: simplog up to 0.9.3.2 latest version - 12/05/2006 Site: http://www.simplog.org Simplog provides an easy way for users to add blogging capabilities to their existing websites. Simplog is written in PHP and compatible with multiple databases. Simplog also features an RSS/Atom...

Simplog 0.9.3 - 'archive.php' SQL Injection

source: https://www.securityfocus.com/bid/21843/info Simplog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

CVE-2006-6732

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter...

CWMVote Archive.PHP远程文件包含漏洞

CWMVote是一款基于PHP的WEB应用程序。 CWMVote不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Archive.php'脚本对用户提交的'abs'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 cwm-design cwmVote 1.0 http://explorer.cwm-design.de/index.php?d=41 http://www.example.com/cwmvotepath/archive.php?abs=http://Shellscript...

cwmVote 1.0 File Include Vulnerability

cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar Vulnerable Code in archive.php Code: include$abs."inc/functions.inc.php"; include$abs."inc/conf.mysql.inc.php";...

cwmVote 1.0 (archive.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =========================================================== cwmVote 1.0 archive.php Remote File Include Vulnerability =========================================================== cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk ||...

cwmVote 1.0 - archive.php Remote File Inclusion

cwmVote 1.0 - archive.php Remote File Inclusion cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar Vulnerable Code in archive.php Code: include$abs."inc/functions.inc.php";...

cwmVote 1.0 (archive.php) Remote File Include Vulnerability

No description provided by source. cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar Vulnerable Code in archive.php Code: include$abs."inc/functions.inc.php";...