
295 matches found

Packet Storm
added 2007/09/08 12:00 a.m., 33 views

online-rfi.txt

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Multiple...

AI score: 7.4
Exploits: 0

CVE
added 2007/09/05 7:00 p.m., 49 views

CVE-2005-4861

Ragnarok Online Control Panel (ROCP) 4.3.4a is affected by CVE-2005-4861. The vulnerability arises in functions.php where CHECK_AUTH mishandles a trailing "/login.php" in PHP_SELF, allowing remote attackers to bypass authentication when accessing account_manage.php. Reported impact is authenticat...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01483
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2007/08/20 10:17 p.m., 11 views

SQL injection

Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.02021
Exploits: 0 | References: 8 | Affected Software: 1

CVE
added 2007/08/14 6:00 p.m., 48 views

CVE-2007-4339

PHPCentral Poll Script 1.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue allows an attacker to execute arbitrary PHP code by supplying a URL to the _SERVER[DOCUMENT_ROOT] parameter in poll.php and pollarchive.php. The note attributes the underlying cause to a variab...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01832
Exploits: 0 | References: 7 | Affected Software: 1

securityvulns
added 2007/07/31 12:00 a.m., 40 views

RFI ====> vBulletin v3.6.5

By Hasadya Raed Contact : [email protected] - Israel Greetz : -Fairoz- vBulletin v3.6.5 Dork : "Powered by vBulletin v3.6.5. Copyright ©2000 - 2007 " Exploits :...

AI score: 0.6
Exploits: 0

exploitpack
added 2007/07/12 12:00 a.m., 20 views

PsNews 1.1 - show.php?newspath Local File Inclusion

PsNews 1.1 - show.php?newspath Local File Inclusion vuln.: PsNews 1.1 show.php newspath Local File Inclusion author: [email protected] download: http://www.strefaphp.net/index.php?page=download&what=download&fid=12 dork: "Powered by PsNews" ;...

AI score: 7.4
Exploits: 0

Packet Storm
added 2007/07/07 12:00 a.m., 35 views

wppass-redirect.txt

The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in WordPress 2.2, however it is likely...

AI score: 7.4
Exploits: 0

securityvulns
added 2007/07/05 12:00 a.m., 94 views

Redirection Vulnerability in wp-pass.php, WordPress 2.2.1

The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in WordPress 2.2, however it is likely...

AI score: 1
Exploits: 0

Prion
added 2007/07/03 8:30 p.m., 21 views

Directory traversal

Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUMLANGUAGE parameter to functions.php or the (2) style parameter to bottom.php...

CVSS: 6.4 | AI score: 7.8 | EPSS: 0.0264
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm
added 2007/06/29 12:00 a.m., 24 views

glsh-lfi.txt

GL-SH Deaf Board Version = 6.4.4 local file inclusion download: http://www.frank-karau.de/download/Deafforumversion6.4.3.zip found by: Katatafish [email protected] google dork:"2005 www.frank-karau.de" | "2006 www.frank-karau.de" exploit:...

AI score: 7.4
Exploits: 0

exploitpack
added 2007/06/28 12:00 a.m., 15 views

GL-SH Deaf Forum 6.4.4 - Local File Inclusion

GL-SH Deaf Forum 6.4.4 - Local File Inclusion GL-SH Deaf Board Version = 6.4.4 local file inclusion download: http://www.frank-karau.de/download/Deafforumversion6.4.3.zip found by: Katatafish [email protected] google dork:"2005 www.frank-karau.de" | "2006 www.frank-karau.de" exploit:...

AI score: 0.4
Exploits: 0

Exploit DB
added 2007/06/28 12:00 a.m., 31 views

GL-SH Deaf Forum 6.4.4 - Local File Inclusion

GL-SH Deaf Board Version = 6.4.4 local file inclusion download: http://www.frank-karau.de/download/Deafforumversion6.4.3.zip found by: Katatafish [email protected] google dork:"2005 www.frank-karau.de" | "2006 www.frank-karau.de" exploit:...

AI score: 7.4
Exploits: 0

Prion
added 2007/06/18 10:30 a.m., 18 views

Directory traversal

Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/showimg.php...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.03987
Exploits: 0 | References: 8 | Affected Software: 1

Prion
added 2007/06/15 1:30 a.m., 24 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

CVSS: 6 | AI score: 5.3 | EPSS: 0.05778
Exploits: 1 | References: 12 | Affected Software: 1

UbuntuCve
added 2007/06/15 1:30 a.m., 25 views

CVE-2007-3238

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

CVSS: 6 | AI score: 5.7 | EPSS: 0.02
Exploits: 0 | References: 1

Cvelist
added 2007/06/15 1:00 a.m., 28 views

CVE-2007-3238

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

AI score: 5 | EPSS: 0.02
Exploits: 0 | References: 12

CVE
added 2007/06/15 1:00 a.m., 45 views

CVE-2007-3244

CVE-2007-3244 describes a SQL injection in bbPress prior to version 0.8.1. The vulnerability is in bb-includes/formatting-functions.php and can allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, demonstrated by a PRE element (the “quirky slashe...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.01299
Exploits: 0 | References: 7 | Affected Software: 1

Debian CVE
added 2007/06/15 1:00 a.m., 34 views

CVE-2007-3238

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

CVSS: 6 | AI score: 4 | EPSS: 0.02
Exploits: 0

Prion
added 2007/06/12 11:30 p.m., 16 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggierootpath parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blogbody.php. NOT...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.0155
Exploits: 0 | References: 4 | Affected Software: 1

Packet Storm
added 2007/06/11 12:00 a.m., 24 views

wordpresstheme-xss.txt

There is an XSS in the WordPress default theme. Tested on WordPress version 2.2 Filename functions.php, line 387. Code: " $_SERVER['REQUEST_URI'] is directly echoed to the user. This problem can be exploited if the administrator is logged in. Sample exploit URL...

AI score: 7.4
Exploits: 0