EUVD-2012-6579

Malware in sbrugna...

CVE-2012-10034

CVE-2012-10034 affects ClanSphere 2011.3 with a local file inclusion (LFI) flaw caused by improper handling of the cs_lang cookie parameter; unsanitized input enables directory traversal and reading files outside the web root, with null byte (%00) injection to bypass file extension checks. Public...

CVE-2012-10034 ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie

ClanSphere 2011.3 is vulnerable to a local file inclusion LFI flaw due to improper handling of the cslang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...

ClanSphere 安全漏洞

ClanSphere is a web content management system from the ClanSphere organization. A security vulnerability exists in ClanSphere version 2011.3 that stems from not properly handling the cslang cookie parameter, which could lead to local file inclusion...

ClanSphere 2011.3 Local File Inclusion / Remote Code Execution

Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Inclusion Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/24/2012 Author: Marco Tulio blkhtc0rp Vendor Homepage: http://www.csphere.eu Version: 2011.3 Teste...

ClanSphere 2011.3 Local File Inclusion / Remote Code Execution Vulnerabilities

ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cslang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell. Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Inclusion...