miniCWB 1.0.0 - 'contact.php' Local File Inclusion

DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX,...

CVE-2006-5764

The CVE-2006-5764 entry concerns Free File Hosting (version 1.1 and earlier). The vulnerability is a PHP remote file inclusion in contact.php that allows an attacker to execute arbitrary PHP code by supplying a URL in the AD_BODY_TEMP parameter. The risk is described as affecting remote code exec...

CVE-2006-5671

PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ADBODYTEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...

CVE-2006-5671

CVE-2006-5671 is a PHP remote file inclusion vulnerability affecting Free Image Hosting 1.0 and earlier. The issue is triggered via the AD_BODY_TEMP parameter in contact.php, allowing an attacker to supply a URL that leads to remote PHP code execution. The vulnerability is classified with a high ...

Pie Cart Pro - Inc_Dir Remote File Inclusion

Pie Cart Pro - IncDir Remote File Inclusion ==================================================================== Pie Cart Pro = IncDir Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By SnIpErSA...

CVE-2006-4794

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...

XSS vulnerability on AWBS

AWBS=Advanced Webhost Billing System Exploit; 1.http://site adres/contact.php?action=submit&Name='scriptalert'XSS Vulnerability'3B/script&EmailAddress=1&AccountUsername=1&Message=1 2.http://site adres/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername='scriptalert'XSS...

CVE-2006-3956

Multiple cross-site scripting XSS vulnerabilities in contact.php in Advanced Webhost Billing System AWBS 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 AccountUsername and 3 Message parameters...

CVE-2006-3956

AWBS 2.2.2 contains multiple cross-site scripting (XSS) vulnerabilities in contact.php that allow remote injection of arbitrary script/HTML via the Name, AccountUsername, and Message parameters. The issue is described as XSS in AWBS 2.2.2; no further technical details (such as exact root cause, a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...

CVE-2006-1133

Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...

CVE-2006-1133

CVE-2006-1133 concerns vbZoom/VBZooM 1.11, where cross-site scripting (XSS) is possible via the UserID parameter passed to comment.php or contact.php. The vulnerability is described as multiple XSS flaws, enabling remote attackers to inject arbitrary script/html. The record notes that the profile...