CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2006/11/18 12:0 a.m.•26 views

comdev41.txt

Comdev One Admin Pro.v4.1 pathskin Remote File include Found by : AG-Spider C0ntAct : AG-Spider at msn dot com Affected Software : One Admin Pro.v4.1 Download Script : http://www.conovo.de/script/OneAdminPro.v4.1.zip KaBaRa.HaCk.eGy KILLERxXx CRASHOVERRIDE SwEEt-deVil Young Hacker Arab Security...

7.4AI score

securityvulns•added 2006/11/17 12:0 a.m.•25 views

Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include

0.4AI score

seebug.org•added 2006/10/25 12:0 a.m.•13 views

多个Comdev产品adminfoot.php远程文件包含漏洞

Comdev是一家软件开发公司，提供多种商业Web组件。多个Comdev产品在处理用户请求时存在输入验证漏洞，远程攻击者可能利用漏洞在服务器上以Web进程权限执行任意命令。多个Comdev产品的adminfoot.php脚本没有正确过滤对pathdocroot参数的输入，允许攻击者通过包含本地或外部资源的文件执行任意PHP代码。成功攻击要求打开了registerglobals。 Comdev Web Blogger 4.1 Comdev One Admin Pro 4.1 Comdev Misc Tools 4.1 Comdev Forum 4.1 Comdev Form...

7.1AI score

NVD•added 2006/10/20 11:7 p.m.•10 views

CVE-2006-5438

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter. NOTE: the provenance of this information is unknown; the details are obtained from third par...

7.5CVSS7.3AI score0.00741EPSS

NVD•added 2006/10/20 11:7 p.m.•7 views

CVE-2006-5439

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter. NOTE: the provenance of this information is unknown; the details are obtained from thir...

7.5CVSS7.3AI score0.00783EPSS

Cvelist•added 2006/10/20 11:0 p.m.•10 views

CVE-2006-5439

7.3AI score0.00783EPSS

CVE•added 2006/10/20 11:0 p.m.•41 views

CVE-2006-5440

The CVE-2006-5440 entry describes a PHP remote file inclusion in Comdev Form Designer 4.1, specifically in adminfoot.php. The root cause is the use of register_globals, enabling an attacker to supply a URL in the path[docroot] parameter to execute arbitrary PHP code on the server. This results in...

7.5CVSS7.6AI score0.00741EPSS

Cvelist•added 2006/10/20 11:0 p.m.•15 views

CVE-2006-5441

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter. NOTE: the provenance of this information is unknown; the details are obtained from thi...

7.2AI score0.00874EPSS

CVE•added 2006/10/20 11:0 p.m.•40 views

CVE-2006-5438

CVE-2006-5438 : PHP remote file inclusion in adminfoot.php of Comdev Forum 4.1 when register_globals is enabled. An attacker can supply a URL in the path[docroot] parameter to execute arbitrary PHP code remotely. The provided documents do not include explicit remediation steps. Exploitation statu...

7.5CVSS7.6AI score0.00741EPSS

CVE•added 2006/10/20 11:0 p.m.•49 views

CVE-2006-5439

The CVE-2006-5439 issue affects Comdev Misc Tools 4.1: PHP remote file inclusion in adminfoot.php when register_globals is enabled. An attacker can execute arbitrary PHP code by supplying a crafted URL in the path[docroot] parameter. The NVD description confirms the vulnerability and impact (part...

7.5CVSS7.6AI score0.00783EPSS

CVE•added 2006/10/20 11:0 p.m.•52 views

CVE-2006-5441

CVE-2006-5441 : In Comdev Web Blogger 4.1, the adminfoot.php file is vulnerable to PHP remote file inclusion when register_globals is enabled. An attacker can supply a URL in the path[docroot] parameter to execute arbitrary PHP code. This is exercised via a remote inclusion vector and is describe...

7.5CVSS7.3AI score0.00874EPSS

Cvelist•added 2006/10/20 11:0 p.m.•11 views

CVE-2006-5438

7.3AI score0.00741EPSS

Packet Storm•added 2006/10/20 12:0 a.m.•24 views

ComdevOneAdmin4.1.txt

// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Comdev One Admin 4.1 http://www.comdevweb.com/oneadmin.php VULNERABILITY: Remote File Inclusion NOTES: - requires register globals on - requires magic quotes off POC: //oneadmin/adminfoot.php?pathdocroot= ADVISORY & EXPLOIT requires...

7.4AI score

securityvulns•added 2006/10/19 12:0 a.m.•38 views

Comdev One Admin 4.1 Remote File Inclusion

// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Comdev One Admin 4.1 http://www.comdevweb.com/oneadmin.php VULNERABILITY: Remote File Inclusion NOTES: - requires register globals on - requires magic quotes off POC: host/path/oneadmin/adminfoot.php?pathdocroot=local/remote file ADVISORY &...

0.6AI score

exploitpack•added 2006/10/16 12:0 a.m.•15 views

Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution

Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution !/usr/bin/php //oneadmin/adminfoot.php?pathdocroot= Googledork: inurl:/oneadmin/ w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path command\n Usage Example: php $argv0 domain.com /dolphin/ whoami\n"; function send$host, $pu...

0.5AI score

Exploit DB•added 2006/10/16 12:0 a.m.•30 views

Comdev One Admin 4.1 - 'Adminfoot.php' Remote Code Execution

!/usr/bin/php //oneadmin/adminfoot.php?pathdocroot= Googledork: inurl:/oneadmin/ w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path command\n Usage Example: php $argv0 domain.com /dolphin/ whoami\n"; function send$host, $put global $data; $conn = fsockopen gethostbyname$host,"80" ;...

7.4AI score