11 matches found
JAF CMS 4.0 Upload Exploit
Exploit for php platform in category web applications ========================== JAF CMS 4.0 Upload Exploit ========================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //...
CVE-2008-1609
CVE-2008-1609 affects JAF CMS 4.0 RC2. Connected sources describe a remote file inclusion vulnerability whereby input in the website parameter (to forum/main.php and forum/forum.php) and the main_dir parameter (to forum/forum.php) can be used to include arbitrary files, enabling arbitrary PHP exe...
jafcms-rfi.txt
┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...
JAF CMS 4.0 RC2 - Multiple Remote File Inclusions
JAF CMS 4.0 RC2 - Multiple Remote File Inclusions ??????????????????????????????????????????????????????????????????????????????? ?? C r a C k E r ?? ?? T H E C R A C K O F E T E R N A L M I G H T ?? ?????????????????????????????????????????????????????????????????????????????? ????? From The Ash...
CVE-2007-6142
The CVE affects ph03y3nk just another flat file (JAF) CMS 4.0 RC2. It describes reflected Cross‑Site Scripting via the index.php show parameter and the print.php print parameter, enabling injection of arbitrary web script/HTML. The root cause is input handling in these two parameters leading to s...
CVE-2006-7127
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the maindir parameter to 1 forum/main.php and 2 forum/headlines.php...
CVE-2006-7128
CVE-2006-7128 describes a PHP remote file inclusion in JAF CMS 4.0 RC1, exploitable via the URL in the website parameter of forum.php, allowing remote code execution. The NVD CVSSv2 base score is 7.5 (HIGH) with network access, low complexity, no authentication, and partial impact on confidential...
CVE-2006-7127
CVE-2006-7127 affects the JAF CMS (versions 4.0 and 4.0 RC2). Affected component: the forum/ directory handling pages (forum/main.php and forum/headlines.php). Root cause: remote PHP code execution via a crafted URL passed to the main_dir parameter, enabling an attacker to include and run arbitra...
CVE-2006-5131
module/shout/jafshout.php aka the shoutbox in ph03y3nk just another flat file JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/datainc.php...
CVE-2006-5129
Multiple cross-site scripting XSS vulnerabilities in ph03y3nk just another flat file JAF CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via 1 the message parameter, and possibly other parameters, in module/shout/jafshout.php aka the shoutbox; and 2 the message body in a...
CVE-2006-5129
CVE-2006-5129 affects ph03y3nk just another flat file (JAF) CMS 4.0 RC1. The vulnerabilities are cross-site scripting in two spots: (1) module/shout/jafshout.php (the shoutbox) via the message parameter and related name/email/title/date/ldate/lname variables, and (2) the message body in a forum p...