8 matches found
Vanilla: Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
Summary: An authenticated admin user can inject a serialized payload into a phar archive and trigger read access to it via an unprotected file_exists. An attacker can leverage this to deserialize untrusted data and gain remote code execution. Notes: - You need to have an admin account to run this...
Vanilla: Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability
Summary: An authenticated admin user can inject an unserializable password in another user's account. Later when attempting a login with that user, the attacker can trigger a call to an unserialize in the splitHash function. By using a custom pop chain to write into the constants.php file, an...
JASmine <= 0.0.2 (index.php) Remote File Include Vulnerability
No description provided by source. #!/usr/bin/env python # coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class JASmineNewsRemoteFileIncludePOC(POCBase): vulID = '64073' version = '1' vulDate = '2006-10-17' author = ' '...
phpBB PlusXL <= 2.0_272 (constants.php) Remote File Include Exploit
No description provided by source. #!/usr/bin/env python # coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class phpBBPlusXLRemoteFileIncludePOC(POCBase): vulID = '64099' version = '1' vulDate = '2006-10-18' author = ' '...
phpBB PlusXL <= 2.0_272 (constants.php) Remote File Include Exploit
No description provided by source. #!/usr/bin/perl phpBB PlusXL 2.X build 272 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high...
PHPCOIN 1.2.3 - session_set.php Remote File Inclusion
PHPCOIN 1.2.3 - session_set.php Remote File Inclusion phpCOIN 1.2.3 CCFGPKGPATHINCL Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Email: timqathackernetworkdotcom http://www.securitydb.org Vulnerable: require_once include $CCFG'PKGPATHINCL'.'redirect.php'; Exploit PoC:...
CVE-2006-3793
CVE-2006-3793 affects SiteDepth CMS 3.01 and earlier. The vulnerability is a PHP remote file inclusion in constants.php triggered by a URL in the SD_DIR parameter, enabling an attacker to execute arbitrary PHP code. The NVD listing notes a CVSS v2 base score of 5.1 (Medium) with network attack ve...
SiteDepth CMS 3.0.1 - 'SD_DIR' Remote File Inclusion
Title: SiteDepth CMS <= 3.0.1 - Remote File Include Vulnerability | Vendor: SiteDepth.com URL: http://sitedepth.com | Credits: Discovered by: "Aesthetico"...