EUVD-2006-2681

Malware in sbrugna...

Back-End CMS <= 0.7.2.2 (BE_config.php) Remote Include Vulnerability

No description provided by source. DEVIL TEAM THE BEST POLISH TEAM Back-End CMS - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl Site of script: http://www.back-end.o...

Back-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...

Back-End CMS <= 0.7.2.1 (jpcache.php) Remote Include Vulnerability

No description provided by source. Federico Fazzi, [email protected] Back-end = 0.7.2.1 jpcache.php Remote command execution 08/06/2006 1:04 Bug: jpcache.php: line 40 --- $includedir = $PSL'classdir' . /jpcache; --- Proof of concept: Back-end have a default path pre-set on jpcache.php, and...

Back-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...

CVE-2007-2097

Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includespath parameter to 1 click.php or 2 pollcollector.php in htdocs/; or 3 index.php, 4 articlepages.php, 5 articles.php, 6 articleform.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includespath parameter to 1 click.php or 2 pollcollector.php in htdocs/; or 3 index.php, 4 articlepages.php, 5 articles.php, 6 articleform.php...

CVE-2007-2099

CVE-2007-2099 affects OpenConcept Back-End CMS 0.4.7. The vulnerability is a cross-site scripting (XSS) in htdocs/php.php via the page[] parameter, allowing remote attackers to inject arbitrary script/HTML. The CVSSv2 vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yields a base score of 6.8 (MEDIUM) with ne...

CVE-2007-2097

OpenConcept Back-End CMS 0.4.7 is affected by CVE-2007-2097, a set of PHP remote file inclusion vulnerabilities. The flaw allows an attacker to execute arbitrary PHP code by providing a URL in the includes_path parameter to multiple PHP files in htdocs/site-admin/ (and related files in htdocs/). ...

CVE-2007-2097

Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includespath parameter to 1 click.php or 2 pollcollector.php in htdocs/; or 3 index.php, 4 articlepages.php, 5 articles.php, 6 articleform.php...

PT-2007-3439 · Openconcept · Openconcept Back-End Cms

Name of the Vulnerable Software and Affected Versions: OpenConcept Back-End CMS version 0.4.7 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs...

backendcms-rfi.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

backendcms-xss.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

Back-End CMS Database Tables v0.4.7 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

Back-End CMS 0.4.5 - search.php?includes_path Remote File Inclusion

Back-End CMS 0.4.5 - search.php?includespath Remote File Inclusion source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an...

Back-End CMS 0.4.5 - Facts.php?includes_path Remote File Inclusion

Back-End CMS 0.4.5 - Facts.php?includespath Remote File Inclusion source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an...

Back-End CMS 0.4.5 - &#039;search.php?includes_path&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected...

Back-End CMS 0.4.5 - &#039;Facts.php?includes_path&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected...

Back-End CMS 0.4.5 - adminindex.php?includes_path Remote File Inclusion

Back-End CMS 0.4.5 - adminindex.php?includespath Remote File Inclusion source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows ...