138 matches found
CMSmini 0.2.2 Local File Inclusion
Exploit for php platform in category web applications Exploit Title: CMSmini 0.2.2 Local File Inclusion Date: 2011.10.20 Author: I2Sec5-BSK Software Link: http://sourceforge.net/projects/cmsmini/ Version: CMSmini 0.2.2 Tested on: Windows XP --------------------------------------------------...
VMCPlayer 1.0 Denial of Service
Exploit for windows platform in category dos / poc done by BraniX www.hackers.org.pl found: 2011.03.22 published: 2011.03.22 tested on: Windows XP SP3 Home Edition App: VMCPlayer 1.0 App Url: http://files.videomobileconverter.com/vmcplayer.exe VMCPlayer.exe MD5: 8a98ffbb404731f8f5ffbf3eaf30a327...
VMCPlayer 1.0 Denial Of Service
done by BraniX www.hackers.org.pl found: 2011.03.22 published: 2011.03.22 tested on: Windows XP SP3 Home Edition App: VMCPlayer 1.0 App Url: http://files.videomobileconverter.com/vmcplayer.exe VMCPlayer.exe MD5: 8a98ffbb404731f8f5ffbf3eaf30a327 VMCPlayer can be DoS'ed in two or probably more ways...
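MetInfo 2.0 PHP Code Injection Vulnerability
The MetInfo enterprise website management system is a full-featured, marketing-oriented enterprise website management platform built on PHP+MYSQL. Line 132 of the /include/common.inc.php file in MetInfo 2.0: evalbase64decode$class2all10; The $class2all10 variable is not initialized, so we can control its value and use it for code injection. MetInfo 2.0 SEBUG temporary workaround: initialize the $class2all10 variable. Vendor patch: metinfo ----- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.metinfo.cn...
Searching for vulnerabilities in web applications
In this article I have collected what are, in my view, interesting errors in PHP scripts. But first, a description of some PHP interpreter parameters: Quote: registerglobals = ON - all variables are registered as global; magicquotesgpc = ON - in the POST, GET, COOKIE arrays, quotes are escaped along with dangerous...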
School Data Navigator (page) Local/Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ====================================================================== School Data Navigator page Local/Remote File Inclusion Vulnerability ======================================================================...
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities
++ | Podcast Generator RFI | | | magicquotesgpc=off -- LFI | +-------------------------+-----------------------------------------------------------+ | delete.php?GLOBALSamilogged=true&file&GLOBALSabsoluteurl= | | admin.php?p=admin&GLOBALSabsoluteurl= | |...
Webboard <= v.2.90 beta Remote File Disclosure Vulnerability
No description provided by source. Webboard = v.2.90 beta Remote File Disclosure Vulnerability ============================================================= Author: MrDoug Email: mrdoug13 at gmail dot com Greetz to all my friends ============================================================= There...
Webboard 2.90 Beta File Disclosure
Webboard = v.2.90 beta Remote File Disclosure Vulnerability ============================================================= Author: MrDoug Email: mrdoug13 at gmail dot com Greetz to all my friends ============================================================= There are 3 vulnerable calls to fopen in...
212Cafe WebBoard 2.90 Beta - Remote File Disclosure
212Cafe WebBoard 2.90 Beta - Remote File Disclosure Webboard = v.2.90 beta Remote File Disclosure Vulnerability ============================================================= Author: MrDoug Email: mrdoug13 at gmail dot com Greetz to all my friends...
Webboard <= v.2.90 beta Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ============================================================ Webboard = v.2.90 beta Remote File Disclosure Vulnerability ============================================================ Webboard = v.2.90 beta Remote File Disclosure Vulnerabili...
212Cafe WebBoard 2.90 Beta - Remote File Disclosure
Webboard = v.2.90 beta Remote File Disclosure Vulnerability ============================================================= Author: MrDoug Email: mrdoug13 at gmail dot com Greetz to all my friends ============================================================= There are 3 vulnerable calls to fopen in...
Zoom Player Pro 3.30 - .m3u Local Buffer Overflow (SEH)
Zoom Player Pro 3.30 - .m3u Local Buffer Overflow SEH ?php / Zoom Player Pro v.3.30 .m3u file buffer overflow exploit seh by Nine:Situations:Group::surfista seems the same of http://secunia.com/advisories/28214/ bug found by Luigi Auriemma no full working exploit out, so I made my test version / ...
Coppermine Photo Gallery 1.4.19 File Upload
Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The problem is that the anti-registerglobals security can b...
Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns
No description provided by source. START 0x01 Informations: Script : Gallery Kys 1.0 Download : http://www.advancescripts.com/djump.php?ID=6285 Vulnerability : Admin Password Disclosure / Permanent XSS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Passwor...
Gallery Kys 1.0 - Admin Password Disclosure Persistent Cross-Site Scripting
Gallery Kys 1.0 - Admin Password Disclosure Persistent Cross-Site Scripting START 0x01 Informations: Script : Gallery Kys 1.0 Download : http://www.advancescripts.com/djump.php?ID=6285 Vulnerability : Admin Password Disclosure / Permanent XSS Author : Osirys Contact : osirysatlivedotit Website :...
dedecms v5.1 vulnerability - vulnerability warning - the black bar safety net
\include\incbookfunctions.php --------------------------------------------------- ...... function WriteBookText$cid,$body global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath."/data/textdata"; $tpath = ceil$cid/5000; if !isdir$cfgbasedir.$ipath...
CYASK 3.x (collect.php neturl) Local File Disclosure Vulnerability
No description provided by source. This vulnerability leads to that the attacker can read any file on your webserver when it installs cyask. The $neturl variable in collect.php is short of enough check. When the attacker registers a new user, he can pass the user check and then submit any filenam...
Debian Security Advisory DSA 168-1 (PHP3, PHP4)
The remote host is missing an update to PHP3, PHP4 announced via advisory DSA 168-1. OpenVAS Vulnerability Test $Id: deb1681.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 168-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
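Tikiwiki CMS tiki-listmovies.php File Directory Traversal Vulnerability
BUGTRAQ ID: 27008 TikiWiki is a website content management system built on PHP+ADOdb+Smarty and related technologies. TikiWiki's implementation contains an input validation vulnerability that remote attackers may exploit to gain unauthorized access to part of the contents of arbitrary files on the server. TikiWiki's tiki-listmovies.php script allows users to obtain the first 1000 bytes of an arbitrary file. The script sets the value of the movie parameter as $movie, removes the last 4 bytes and appends the .xml extension, then calls fopen$confFile,'r' to open the file and read its first 1000 bytes, and then passes these 1000 bytes on for use as MovieWidth and MovieHeight...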