CVE-2006-6546

CVE-2006-6546 pertains to PHP remote file inclusion in inc/shows.inc.php of cutenews aj-fork (CN:AJ) version 167f and earlier. The underlying issue is an RFI vulnerability where an attacker can supply a URL via the cutepath parameter to cause arbitrary PHP code execution on the affected server. T...

CuteNews Aj-fork Shows.Inc.PHP远程文件包含漏洞

CuteNews Aj-fork是一款基于PHP的WEB应用程序。 CuteNews Aj-fork不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 问题是'Shows.Inc.PHP'脚本对用户提交的WEB参数缺少过滤，指定远程服务器上的任意文件作为包含对象，可导致以进程权限执行任意指令。 Cutenews Aj-fork Cutenews Aj-fork beta http://sourceforge.net/projects/ajfork...

cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

=========================================================================================================== DeltasecurityTEAM www.Deltasecurity.ir =========================================================================================================== Portal Name : cutenews aj-fork Class =...

cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

No description provided by source. =========================================================================================================== DeltasecurityTEAM www.Deltasecurity.ir =========================================================================================================== Portal...

CuteNews aj-fork 167f - cutepath Remote File Inclusion

CuteNews aj-fork 167f - cutepath Remote File Inclusion =========================================================================================================== DeltasecurityTEAM www.Deltasecurity.ir...

cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ===================================================================== cutenews aj-fork = 167f cutepath Remote File Include Vulnerability =====================================================================...

CuteNews aj-fork 167f - &#039;cutepath&#039; Remote File Inclusion

=========================================================================================================== DeltasecurityTEAM www.Deltasecurity.ir =========================================================================================================== Portal Name : cutenews aj-fork Class =...

Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit (2)

Exploit for linux platform in category local exploits ================================================================== Linux Kernel 2.6.13 = 2.6.13 prctl kernel exploit C Julien TINNES If you read the Changelog from 2.6.13 you've probably seen: PATCH setuid core dump This patch mainly adds...

GLSA-200606-19 : Sendmail: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200606-19 Sendmail: Denial of Service Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impa...

linux/x86 TCP Proxy Shellcode 236 bytes

Exploit for linux/x86 platform in category shellcode ======================================= linux/x86 TCP Proxy Shellcode 236 bytes ======================================= // proxylib.c - is located at http://www.milw0rm.com/id.php?id=1476 /str0ke / hey all.. this is my attempt at a very small...

linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes

Exploit for linux/x86 platform in category shellcode ===================================================== linux/x86 Bind /bin/sh to 31337/tcp + fork 98 bytes ===================================================== / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik / char shellcode =...

linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes

No description provided by source. / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" // push $0...

linux/x86 Bind /bin/sh to 31337/tcp + fork 98 bytes

linux/x86 Bind /bin/sh to 31337/tcp + fork 98 bytes. Shellcode exploit for linx86 platform / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx...

Unix Command Shell, Bind TCP (via Perl)

Listen for a connection and spawn a command shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 240 include Msf::Payload::Single include Msf::Sessions::CommandShellOptio...

linux/x86 examples of long-term payloads hide-wait-change .s

linux/x86 examples of long-term payloads hide-wait-change .s. Shellcode exploit for linx86 platform ============================================================================================= hide-wait-change final v4...

linux/x86 examples of long-term payloads hide-wait-change (.s)

No description provided by source. ============================================================================================= hide-wait-change final v4 ------------------------------------------------------------------------------------------- Author: xort [email protected] Date: 09/14/2005...

linux/x86 examples of long-term payloads hide-wait-change 187 bytes+

No description provided by source. /---------------------------------------------------------------------------- Mystique Project: Examples of long-term payloads hide-wait-change code by [email protected] & [email protected] ----------------------------------------------------------------------------...

x_aix5_bellmail.pl.txt

-bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit "Race condition vulnerability BUGTRAQ ID: 8805" of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile aimfile : then file wich you want to cho...

[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=&gt;x cXIb8O3.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...

CVE-2004-1573

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator...