18 matches found
openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)
roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues : - CVE-2013-6172: vulnerability in handling session argument of utils/save-prefs New upstream release 0.9.5 bnc847179 CVE-2013-6172 - Fix failing vCard import when email address field contains spaces - Fix...
FreeBSD : phpMyAdmin -- Path disclosure due to missing verification of file presence (a81161d2-790f-11e1-ac16-e0cb4e266481)
The phpMyAdmin development team reports : The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be s...
Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution
Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution $theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line =...
openSite 0.2.2 Beta Local File Inclusion
opensite-v0.2.2-beta === Local File Include vuln By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download ========================================= xpl :...
CVE-2009-3815
RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...
CVE-2009-3815
CVE-2009-3815 affects RunCMS 2M1. When run with certain error_reporting levels, remote attackers can access sensitive information via the op[] parameter to modules/contact/index.php or the uid[] parameter to userinfo.php, causing an error message to leak the installation path through preg_match. ...
cpCommerce 1.2.x File Inclusion
!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...
VideoScript 3.0 4.1.5.55 - Unofficial Shell Injection
VideoScript 3.0 4.1.5.55 - Unofficial Shell Injection ?php ============================================= = x VideoScript 3.0 = 4.1.5.55 Unofficial Shell Injection Exploit = = x by G4N0K = ============================================= errorreportingEALL; $G4N0K...
yuhhu-sql.txt
."; $bul=pregmatch$ara,$tuttum,$rmx; $huseyin=strreplace"class="linkbeyaz"","",$rmx; echo $site.""; echo $huseyin0; ? author : Dj Remix...
LinPHA <= 1.3.3 (maps plugin) Remote Command Execution Exploit
No description provided by source. ?php / -------------------------------------------------------------- LinPHA = 1.3.3 maps plugin Remote Command Execution Exploit -------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
gcards-sql-exec.txt
!/usr/bin/php -q -d shortopentag=on ?php errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",5; if $argc4 print "-------------------------------------------------------------------------\r\n"; print " gCards = 1.46 SQL Injection/Remote Code Execution Exploit\r\n"; print...
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example: inurl:php-stats.js.php...
Quick.CMS.Lite 0.3 - Cookie sLanguage Local File Inclusion
DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX, Ci2u,...
Quick.Cms.Lite <= 0.3 (Cookie sLanguage) Local File Include Exploit
Exploit for unknown platform in category web applications =================================================================== Quick.Cms.Lite = 0.3 Cookie sLanguage Local File Include Exploit =================================================================== ? print ' ::::::::: :::::::::: ::: :::...
MDPro <= 1.0.76 (Cookie: PNSVlang) Local File Include Exploit
Exploit for unknown platform in category web applications ============================================================= MDPro = 1.0.76 Cookie: PNSVlang Local File Include Exploit ============================================================= ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :...
Ascended Guestbook <= 1.0.0 (embedded.php) File Include Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+:...
MyBloggie 2.1.4 - trackback.php Multiple SQL Injections
MyBloggie 2.1.4 - trackback.php Multiple SQL Injections !/usr/bin/php -q -d shortopentag=on = 4.1 allowing subs / if $argctrackbackreply1, "Sorry, Trackback failed.. Reason : No title"; if!empty$REQUEST'url' $url=urldecode$REQUEST'url'; if validateurl$url==false $tback-trackbackreply1, "Sorry,...
Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on works with registerglobals = On & allowurlfopen = On\r\n\r\n"; echo "dork: "Powered by Claroline" -demo\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path location OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to...