Lucene search
K

75 matches found

exploitpack
exploitpack
added 2006/08/19 12:0 a.m.9 views

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion / Notes: globals bypass with a multipart/form-data POST PHP4 = 4.4.0 PHP5 = 5.0.5 http://www.hardened-php.net/globals-problem /str0ke / C Y BE R - W A R R i O R T I M mambo combabackup 1.1 Component mosConfigabsolutepath Remote File...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2006/08/19 12:0 a.m.49 views

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion

/ Notes: globals bypass with a multipart/form-data POST PHP4 = 4.4.0 PHP5 = 5.0.5 http://www.hardened-php.net/globals-problem /str0ke / C Y BE R - W A R R i O R T I M mambo combabackup 1.1 Component mosConfigabsolutepath Remote File Inclusion Vulnerabilities Author: mdx Class : Remote cont@ct:...

7.4AI score
Exploits0
canvas
canvas
added 2006/06/07 12:2 a.m.2499 views

Immunity Canvas: DOKUWIKI_EXEC

Name| dokuwikiexec ---|--- CVE| CVE-2006-2878 Exploit Pack| CANVAS Description| DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution Notes| CVE Name: CVE-2006-2878 VENDOR: DokuWiki Repeatability: Infinite References: 'http://www.hardened-php.net/advisory042006.119.html' CVSS: 7.5 DOR...

7.5CVSS2.5AI score0.13925EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.36 views

FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

A Hardened-PHP Project Security Advisory reports : When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new...

7.5CVSS5.8AI score0.05091EPSS
Exploits0References9
securityvulns
securityvulns
added 2006/01/13 12:0 a.m.41 views

Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP ext/session HTTP Response Splitting Vulnerability Release Date: 2006/01/12 Last Modified: 2006/01/12 Author: Stefan Esser [email protected] Application: PHP5 = 5.1.1...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2005/12/30 12:0 a.m.28 views

Advisory 26/2005: TinyMCE Compressor Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: TinyMCE Compressor Vulnerabilities Release Date: 2005/12/29 Last Modified: 2005/12/29 Author: Stefan Esser [email protected] Application: TinyMCE Compressor = 1.0.5...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/12/07 12:0 a.m.40 views

GLSA-200511-18 : phpSysInfo: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200511-18 phpSysInfo: Multiple vulnerabilities Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and a HTTP Response Splitting attacks. Impact : A...

6.8CVSS5.6AI score0.03548EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2005/11/15 12:0 a.m.69 views

Hardened-PHP Project Security Advisory 2005-21.81

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in phpSysInfo Release Date: 2005/11/13 Last Modified: 2005/11/12 Author: Christopher Kunz Application: phpSysInfo 2.4 and prior Severity: Cross-Site...

6.8CVSS0.5AI score0.03716EPSS
Exploits1
securityvulns
securityvulns
added 2005/11/11 12:0 a.m.30 views

[SA17441] phpSysInfo "register_globals" Emulation Layer Overwrite Vulnerability

TITLE: phpSysInfo "registerglobals" Emulation Layer Overwrite Vulnerability SECUNIA ADVISORY ID: SA17441 VERIFY ADVISORY: http://secunia.com/advisories/17441/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data, Exposure of sensitive information WHERE: From remote...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/10/22 12:0 a.m.45 views

[Full-disclosure] Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Local File Inclusion Vulnerability Release Date: 2005/10/22 Last Modified: 2005/10/22 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.6.4-p...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/07/22 12:0 a.m.27 views

[Full-disclosure] Advisory 11/2005: Multiple vulnerabilities in Contrexx

Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in Contrexx Release Date: 2005/07/21 Last Modified: 2005/07/18 Author: Christopher Kunz [email protected] Application: Contrexx 1.0.5 Severity: Cross-Site Scripting, SQL injection...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/07/22 12:0 a.m.32 views

Hardened-PHP Project Security Advisory 2005-11.59

Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in Contrexx Release Date: 2005/07/21 Last Modified: 2005/07/18 Author: Christopher Kunz Application: Contrexx 1.0.5 Severity: Cross-Site Scripting, SQL injection and information disclosure, passwo...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/07/13 12:0 a.m.25 views

Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Yawp/YaWiki Remote URL Include Vulnerability Release Date: 2005/07/12 Last Modified: 2005/07/12 Author: Stefan Esser [email protected] Application: Yawp = 1.0.6 Severity...

Exploits0
Tenable Nessus
Tenable Nessus
added 2005/06/23 12:0 a.m.16 views

GLSA-200506-21 : Trac: File upload vulnerability

The remote host is affected by the vulnerability described in GLSA-200506-21 Trac: File upload vulnerability Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the 'id' parameter when uploading attachments to the wiki or the bug tracking system. Impact : A remote...

6.1AI score
Exploits0References2
Exploit DB
Exploit DB
added 2005/04/11 12:0 a.m.24 views

PunBB 1.2.4 - 'id' SQL Injection

!/usr/bin/python | || | | | | | | | || || \ | |/ || '|/ |/ -| ' \ / -/ |||| /| || / ||||,||| ,|||||||,| || |||||| Proof of concept code from the Hardened-PHP Project -= PunBB 1.2.4 =- changeemail SQL injection exploit user-supplied data within the database is still user-supplied data import...

7.4AI score
Exploits0
Rows per page
Query Builder