60 matches found
PHPMyWind 4.5.2 /include/common.inc.php Login-Bypass
No description provided by source...
zcncms 1.2.10 common.inc.php login bypass vulnerability
No description provided by source...
phpcms 2008 /ads/include/ads_place.class.php SQL injection vulnerability
Vulnerability location: /ads/include/adsplace.class.php function show$placeid …………............. else $ads = $this-db-getone"SELECT FROM ".DBPRE."ads a, $this-table p WHERE a.placeid=p.placeid AND p.placeid=$placeid AND a.fromdate=UNIXTIMESTAMP AND a.passed=1 AND a.status=1 ORDER BY rand LIMIT 1"; $contents =...
DedeCms v5.6-5.7 serious security vulnerability revealed: entering the admin backend directly without account or password - vulnerability warning - the black bar safety net
As is well known, because it is simple to use and has a large customer base, DedeCMS (织梦 CMS) has had many vulnerabilities disclosed. Today the editor got a reliable message in a group from a moderator of the official DedeCMS forum: “DEDECMS has been revealed to have a serious security vulnerability, the recent official...
phpstcms (STCMS music system) backend authentication bypass method - vulnerability warning - the black bar safety net
Published author: the mind Vulnerability type: background verification Vulnerability analysis: a music system-0-in! Throw in the hard disk is also equal to moldy, classic white look at the code. Vulnerability exists in“common.inc.php”file, as follows. phpstcms STCMS music system to bypass the...
EasyTalk microblogging arbitrary account modification vulnerability - vulnerability warning - the black bar safety net
Author: mind Vulnerability found in the latest version 5.01 the old version not the source code I do not know whether there Then again..look at the code...... See the file catalog file op.php ? php include'common.inc.php'; //load global variable $op = $GET'op'?$ GET'op':'login'; // because the...
MetInfo 2.0 PHP Code Injection Vulnerability
Exploit for php platform in category web applications ============================================ MetInfo 2.0 PHP Code Injection Vulnerability ============================================ Exploit Title: MetInfo 2.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com...
MetInfo 2.0 PHP Code Injection
Exploit Title: MetInfo 2.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com Team: http://www.linux520.com/ Vendor: http://www.metinfo.cn/ Dork: "Powered by MetInfo 2.0 " Google: 90,000 + results Price: free Language: PHP Greetz: CCAV +Description: at 132 line of...
MetInfo 3.0 - PHP Code Injection
Exploit Title: MetInfo 3.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com Team: http://www.linux520.com/ Vendor: http://www.metinfo.cn/ Dork: "Powered by MetInfo 3.0 " Google: 400,000 + results Price: free Language: PHP Greetz: CCAV +Description: at 67 line of...
MetInfo 3.0 - PHP Code Injection
MetInfo 3.0 - PHP Code Injection Exploit Title: MetInfo 3.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com Team: http://www.linux520.com/ Vendor: http://www.metinfo.cn/ Dork: "Powered by MetInfo 3.0 " Google: 400,000 + results Price: free Language: PHP Greetz: CCAV...
MetInfo 2.0 - PHP Code Injection
MetInfo 2.0 - PHP Code Injection Exploit Title: MetInfo 2.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com Team: http://www.linux520.com/ Vendor: http://www.metinfo.cn/ Dork: "Powered by MetInfo 2.0 " Google: 90,000 + results Price: free Language: PHP Greetz: CCAV...
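PHPCMS 2007 website management system common.inc.php page variable overwrite vulnerability
PHPCMS is a website content management system built on a PHP+Mysql architecture, and also an open-source PHP development platform. Phpcms is developed in a modular way, with functions that are easy to use and easy to extend, and can provide heavyweight website-building solutions for medium and large sites. In the file include/common.inc.php: if!defined'INADMIN' // enter this branch if not an administrator if$CONFIG'dbiscache' $dbfile .= 'cache'; if$CONFIG'phpcache' == '2' $cachefileid = md5$PHPSELF.'?'.$PHPQUERYSTRING; $cachefiledir =...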
Free Real Estate Contact Form v1.09 - Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ======================================================================== Free Real Estate Contact Form v1.09 - Local File Inclusion Vulnerability ======================================================================== Application Info:...
Short URL v1.01 - Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================== Short URL v1.01 - Local File Inclusion Vulnerability ==================================================== Application Info: Name: Short URL Version: 1.01 Vendor:...
Ad Board Script 1.01 Local File Inclusion
local file include Author: ItSecTeam download from:http://www.phpkobo.com/scripts/AF201101/AF201101.zip script:Ad Board Script Version:1.01 Updated:2010-01-10 dork::D vul:/path/web/codelib/cfg/common.inc.php line 21: require "res.$LANGCODE.sys.inc.php" ; -----------------------------------------...
Address Book Script v 1.09 - Local File Inclusion
Exploit for unknown platform in category web applications =============================================================== Address Book Script v 1.09 - Local File Inclusion Vulnerability =============================================================== Application Info: Name: Address Book Script...
Ad Board Script 1.01 - Local File Inclusion
hi ------- local file include Author: ItSecTeam download from:http://www.phpkobo.com/scripts/AF201101/AF201101.zip script:Ad Board Script Version:1.01 Updated:2010-01-10 dork::D vul:/path/web/codelib/cfg/common.inc.php line 21: require "res.$LANGCODE.sys.inc.php" ;...
Php168 local file inclusion vulnerability - vulnerability warning - the black bar safety net
Php168 local file inclusion vulnerability. Looking at the v6 version, in the do/job.php file: ... elseifereg dividing"^-0-9a-zA-Z+$",$GETjob||ereg"^-0-9a-zA-Z+$",$POSTjob requiredirnameFILE."/"." global.php"; ifisfilePHP168PATH."inc/job/$job.php" includePHP168PATH."inc/job/$job.php"; Well,if you ope...
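DedeCms (织梦) V 5.3 arbitrary variable overwrite vulnerability
Look at the code in the core file include/common.inc.php: // check and register externally submitted variables foreach$REQUEST as $k=$v if strlen$k0 && eregi'^|cfg|GLOBALS',$k && !isset$COOKIE$k // is the programmer's logic confused? exit'Request var not allow!'; Here the filtering of keywords such as cfg can be bypassed by submitting COOKIE variables. Next comes the variable registration code: foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k =...
Phpcms 2007 common.inc.php remote file inclusion vulnerability
The core configuration file of this CMS, /include/common.inc.php, is flawed -------------------------------------------- // starting at line 23 @extract$POST, EXTROVERWRITE; @extract$GET, EXTROVERWRITE; unset$POST, $GET; ------------------------------------------------ Here the extract function causes variable overwriting, which may lead to a series of problems...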