209 matches found
PhpCommander <= 3.0 (upload) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? $devilteam = ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+:...
Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working)
No description provided by source. ?php / = 1.3.1 Final /str0ke / $server = SERVER; $port = 80; $file = PATH; $target = 81; / User id and password used to fake-logon are not important. '10' is a random number. / $id = 10; $pass = ; $hex = 0123456789abcdef; for$i = 1; $i = 32; $i++ $idx = 0; $foun...
PHPBB2 Page_Header.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply...
LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit
No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...
MyCMS <= 0.9.8 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo MyCMS = 0.9.8 Remote Command Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc3 echo Usage: php .$argv0. Host Path C...
imacs CMS 0.3.0 Shell Upload
?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...
imacs CMS Unrestricted File Upload Exploit
Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...
Bloofox CMS Unrestricted File Upload Exploit
Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...
CVE-2012-5823
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
CVE-2012-5801
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...
Design/Logic Flaw
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
Code injection
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...
Code injection
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...
CVE-2012-5788
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
CVE-2012-5823
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
CVE-2012-5801
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...
CVE-2012-5799
The Canada Post aka CanadaPost module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...
CVE-2012-5799
The CVE-2012-5799 issue affects the Canada Post module in PrestaShop, where the code path using PHP fsockopen does not verify that the server hostname matches a domain listed in the certificate’s Common Name (CN) or subjectAltName. This enables potential MITM spoofing of SSL servers using arbitra...
CVE-2012-5801
The CVE-2012-5801 entry concerns the PrestaShop PayPal module failing to verify the server hostname against the TLS certificate (CN/subjectAltName) during SSL handshakes via PHP fsockopen. This allows MITM spoofing with arbitrary valid certificates, impacting confidentiality and integrity (partia...
SugarCRM CE <= 6.3.1 "unserialize()" PHP代码执行漏洞
CVECAN ID: CVE-2012-0694 SugarCRM是开源的客户关系管理系统。 SugarCRM 6.4.0在"unserialize"的实现上存在安全漏洞,通过"SugarTheme"类的"destruct"方法的$REQUEST'currentquerybypage'输入变量传递临时序列化对象可导致执行任意PHP代码。 0 SugarCRM Community Edition = 6.3.1 厂商补丁: SugarCRM -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sugarcrm.net/home/ ?p...