5 matches found
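Zorum 3.5 /gorum/prod.php Remote Code Execution Vulnerability
BugCVE: CVE-2005-2651 BUGTRAQ: 14601 A remote code execution vulnerability exists in Zorum's /gorum/prod.php file: $doubleApp = isset($argv[1]); ... if ($doubleApp) { $appDir = $argv[1]; system("mkdir $prodDir/$appDir"); ... Zorum 3.5 Vendor patch: Zorum ----- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://zorum.phpoutsourcing.com/...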
Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities
I contacted PhpOutsourcing 2 weeks ago, and they didn't answer. The mail I sent to classifieds AT phpoutsourcing DOT com bounced back in error. The one I sent to askme AT phpoutsourcing DOT com never got a reply. "Currently, we are completely overloaded with our running projects, and we don'...
Remote file inclusion
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to...
CVE-2005-2651
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter...
CVE-2005-2651
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter...