67 matches found
CVE-2009-2132
CVE-2009-2132 describes a directory traversal vulnerability in the PHP script global.php of 4images prior to 1.7.7. When magic_quotes_gpc is disabled, an attacker can use directory traversal sequences in the l parameter to include and execute arbitrary local files. Documents do not provide exploi...
4Images 1.7.6 Local Inclusion Vulnerability
Bug file : global.php if isset$HTTPGETVARS'l' || isset$HTTPPOSTVARS'l' $requestedl = isset$HTTPGETVARS'l' ? trim$HTTPGETVARS'l' : trim$HTTPPOSTVARS'l'; if $requestedl != $config'languagedir' && fileexistsROOTPATH.'lang/'.$requestedl.'/main.php' $l = $requestedl; $config'languagedir' = $l;...
Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability
No description provided by source. Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download :...
Multi SEO phpBB 1.1.0 - Remote File Inclusion
Multi SEO phpBB 1.1.0 - Remote File Inclusion. Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download :...
Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Multi SEO phpBB 1.1.0 pfad Remote File Inclusion Vulnerability...
Multi SEO phpBB 1.1.0 - Remote File Inclusion
Multi SEO phpBB 1.1.0 Remote File Inclusion Vulnerability Software : Multi SEO phpBB version 1.1.0 Vendor : http://www.phpbb-seo.de/ Download : http://www.phpbb-seo.de/downloads/multi.html Author : NoGe Contact :...
iShowMusic V1.2 direct write shell vulnerability
By qiur3n http://www.wolvez.org/ 2008-06-17 iShow Music is an online music player built on PHP and plain-text files. The program stores its data in text files and needs no MySQL database; program code and interface templates are separated, which makes the music site's interface easy to modify. Offici...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
MercuryBoard <= 1.1.5 (login.php) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. MercuryBoard settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60...
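sablog 1.6 Multiple Cross-Site Scripting Vulnerabilities
sablog is a blog program written by a Chinese security researcher. Because of insufficient filtering, it contains multiple cross-site scripting vulnerabilities. www.sablog.net sablog 1.6 global.php filters curl, cid, setday and others: $modelink = ''; if $action $modelink .= '&action='.$action; if $curl $modelink .= '&curl='.htmlspecialchars$curl; if $cid $modelink .= '&cid='.htmlspecialchars$cid; if $setdate $modelink .=...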
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIRROOT parameter to (a) global.php, or the (2) DIRPAGE parameter to (b) template/fr/page.php or (c)...
Php168 v 4.0 sp global.php File Write Vulnerability
global.php contains the following code: function loginlogs$username,$password global $timestamp,$onlineip; $logdb="$username\t$password\t$timestamp\t$onlineip"; @includePHP168PATH."cache/adminloginlogs.php"; $writefile="$value $jj++; $writefile.="\$logdb=\"$value\";"; if$jj200 break;...
sunshop v4 >> RFI
vendor : turnkeywebtools.com by : s3rv3rhack3r [email protected] bugz: ++++++++++++++++++++ include/payment/payflowpro.php include $abspath."/include/payment/payflowpro/pfpro.class.php"; ++++++++++++++++++++ global.php requireonce $abspath."/libsecure.php"; ++++++++++++++++++++ libsecure.php inclu...
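PNews Global.PHP Remote File Inclusion Vulnerability
PNews is a PHP-based news management program. PNews does not properly filter user-supplied URI data, which lets a remote attacker execute arbitrary commands with the privileges of the web process. The problem is that the 'Global.PHP' script does not filter the user-supplied 'nbs' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. pNews Systems pNews 1.1 http://sourceforge.net/projects/phpnews-system/ http://www.example.com/includes/global.php?nbs=shell?...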
Cwfm <= 0.9.1 (Language) Remote File Inclusion Vulnerability
No description provided by source. Cwfm-0.9.1 Language Remote File Inclusion. Original advisory: http://www.bb-pcsecurity.de/Websecurity/301/org/Cwfm-0.9.1LanguageRemoteFileInclusion.htm...
PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion Vulnerability
No description provided by source. ECHOADV43$2006 PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion...
CVE-2006-5104
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter...
Vbulletin-2.x.txt
Hello, Vbulletin 2.X sql injection Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] This is sql injection in vbulletin systems the injection is in the global.php file we can use it global.php?templatesused=/ the query will be...
CVE-2006-5104
The CVE-2006-5104 entry concerns Jelsoft vBulletin 2.x, where a SQL injection vulnerability exists in the global.php handling of the templatesused parameter. The underlying issue allows remote attackers to craft input that leads to arbitrary SQL execution, as reported in multiple sources (NVD ent...
PNewsv1.1.0.txt
PNews v1.1.0 nbs Remote File Inclusion Affected Software..:PNews v1.1.0 download...:http://sourceforge.net/project/showfiles.php?groupid=35550 Class .............: Remote File Inclusion Risk ..............: high Found by ..........: CvIr.System Contact ...........: CvIr.Systematgmail.com Affected...