Lucene search
K

209 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

PhpCommander <= 3.0 (upload) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? $devilteam = ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.39 views

Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working)

No description provided by source. ?php / = 1.3.1 Final /str0ke / $server = SERVER; $port = 80; $file = PATH; $target = 81; / User id and password used to fake-logon are not important. '10' is a random number. / $id = 10; $pass = ; $hex = 0123456789abcdef; for$i = 1; $i = 32; $i++ $idx = 0; $foun...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.41 views

PHPBB2 Page_Header.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.35 views

LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

MyCMS <= 0.9.8 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo MyCMS = 0.9.8 Remote Command Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc3 echo Usage: php .$argv0. Host Path C...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/06/18 12:0 a.m.20 views

imacs CMS 0.3.0 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/06/18 12:0 a.m.20 views

imacs CMS Unrestricted File Upload Exploit

Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/06/18 12:0 a.m.19 views

Bloofox CMS Unrestricted File Upload Exploit

Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...

7.1AI score
Exploits0
NVD
NVD
added 2012/11/04 10:55 p.m.18 views

CVE-2012-5823

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...

5.8CVSS6.6AI score0.00566EPSS
Exploits1References1
NVD
NVD
added 2012/11/04 10:55 p.m.19 views

CVE-2012-5801

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...

5.8CVSS6.6AI score0.00759EPSS
Exploits1References1
Prion
Prion
added 2012/11/04 10:55 p.m.13 views

Design/Logic Flaw

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...

5.8CVSS7.1AI score0.00566EPSS
Exploits1References1
Prion
Prion
added 2012/11/04 10:55 p.m.26 views

Code injection

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...

5.8CVSS6.8AI score0.00566EPSS
Exploits2References1
Prion
Prion
added 2012/11/04 10:55 p.m.19 views

Code injection

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...

5.8CVSS7.1AI score0.00759EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.18 views

CVE-2012-5788

The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...

6.6AI score0.0057EPSS
Exploits1References2
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.20 views

CVE-2012-5823

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...

6.6AI score0.00566EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.28 views

CVE-2012-5801

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...

6.6AI score0.00759EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.18 views

CVE-2012-5799

The Canada Post aka CanadaPost module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...

6.6AI score0.00759EPSS
Exploits1References1
CVE
CVE
added 2012/11/04 10:0 p.m.51 views

CVE-2012-5799

The CVE-2012-5799 issue affects the Canada Post module in PrestaShop, where the code path using PHP fsockopen does not verify that the server hostname matches a domain listed in the certificate’s Common Name (CN) or subjectAltName. This enables potential MITM spoofing of SSL servers using arbitra...

5.8CVSS6.8AI score0.00759EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2012/11/04 10:0 p.m.57 views

CVE-2012-5801

The CVE-2012-5801 entry concerns the PrestaShop PayPal module failing to verify the server hostname against the TLS certificate (CN/subjectAltName) during SSL handshakes via PHP fsockopen. This allows MITM spoofing with arbitrary valid certificates, impacting confidentiality and integrity (partia...

5.8CVSS6.8AI score0.00759EPSS
Exploits1References1Affected Software2
seebug.org
seebug.org
added 2012/07/30 12:0 a.m.52 views

SugarCRM CE &lt;= 6.3.1 &quot;unserialize()&quot; PHP代码执行漏洞

CVECAN ID: CVE-2012-0694 SugarCRM是开源的客户关系管理系统。 SugarCRM 6.4.0在"unserialize"的实现上存在安全漏洞,通过"SugarTheme"类的"destruct"方法的$REQUEST'currentquerybypage'输入变量传递临时序列化对象可导致执行任意PHP代码。 0 SugarCRM Community Edition = 6.3.1 厂商补丁: SugarCRM -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sugarcrm.net/home/ ?p...

9.4AI score0.67256EPSS
Exploits13
Rows per page
Query Builder