EUVD-2008-3299

Malware in sbrugna...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

CVE-2008-3311

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

CVE-2008-3311

CVE-2008-3311 concerns a PHP remote file inclusion vulnerability in config.php of Adam Scheinberg Flip 3.0. The issue allows an attacker to cause remote PHP code execution by supplying a URL in the incpath parameter. Public references in the connected documents corroborate PHP RFI as the underlyi...

Flip 3.0 - config.php Remote File Inclusion

Flip 3.0 - config.php Remote File Inclusion source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of th...

Improper access control

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

CVE-2007-5062

account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action...

CVE-2007-5062

The CVE-2007-5062 entry relates to the Flip 3.0 (and earlier) web application by Adam Scheinberg, where the vulnerable component is account.php. The underlying issue allows remote attackers to create administrative accounts via the un parameter in a register action, enabling privilege escalation ...

CVE-2007-5063

CVE-2007-5063 affects Flip 3.0 and earlier, where sensitive information is stored under the web root with insufficient access control. An unauthenticated remote attacker can directly request var/users.txt and download a file containing login credentials. The provided documents do not specify affe...

Flip 3.0 - Remote Admin Creation

Flip 3.0 - Remote Admin Creation !/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admi...

Flip 3.0 - Remote Admin Creation

!/usr/bin/perl use strict; use IO::Socket; use Getopt::Std; my $app = "Flip ; print "password you want: "; my $pass = ; chomp$user; chomp$pass; createadmin$url, $user, $pass; sub createadmin my $url = shift; my $user = shift; my $pass = shift; print "creating admin ... \t"; my $content =...

Flip <= 3.0 Remote Password Hash Disclosure Exploit

Exploit for unknown platform in category web applications =================================================== Flip = 0; $data = substr$data, $index1+4; $index1 = 0; printf "%-20s %-32s\n", "username", "md5 hash"; while$index1 = index$data, "\n" = 0 my $hash = substr$data, 0, 32; my $index2 =...