14 matches found
EUVD-2007-1997
Malware in sbrugna...
EUVD-2007-1998
Malware in sbrugna...
EUVD-2007-1999
Malware in sbrugna...
InoutMailingListManager <= 3.1 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo InoutMailingListManager = 3.1 Command Execution Exploit + Login Retrieve + Advisory by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc4...
Sql injection
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors...
Design/Logic Flaw
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie...
CVE-2007-2003
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect...
CVE-2007-2002
CVE-2007-2002 affects InoutMailingListManager before or up to version 3.1. The vulnerability arises when an arbitrary admin cookie is set, allowing remote attackers to access restricted functionality and to upload and execute arbitrary PHP code. This is the concrete root cause and impact describe...
CVE-2007-2004
CVE-2007-2004 affects InoutMailingListManager 3.1 and earlier. The provided documents indicate multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. This vulnerability stems from i...
CVE-2007-2002
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie...
CVE-2007-2003
CVE-2007-2003 affects InoutMailingListManager 3.1 and earlier. The issue is that after an authorization check fails the application returns a Location header but does not exit, allowing remote attackers to access restricted functionality and to upload/execute arbitrary PHP code by ignoring the re...
CVE-2007-2003
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect...
CVE-2007-2004
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors...
InoutMailingListManager 3.1 - Remote Command Execution
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php ".$argv0." localhost /inout/ cat /etc/password"; die; /...