75 matches found
CVE-2007-6142
Multiple cross-site scripting XSS vulnerabilities in ph03y3nk just another flat file JAF CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 show parameter to index.php and the 2 print parameter to print.php. NOTE: the provenance of this information is unknown; the...
jafcms-xss.txt
JAF CMS - 4.0 Cross Site Scripting Vulnerability Source: http://sourceforge.net/projects/jaf-cms/ Author: Arham Muhammad POC: http://site/path/index.php?show="alert/xss/; There Is No Sign Of Filteration In Jaf-Cms, Making It Prune To Xss And Session Hijacking!...
CVE-2006-7128
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter...
CVE-2006-7128
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter...
CVE-2006-7127
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the maindir parameter to 1 forum/main.php and 2 forum/headlines.php...
CVE-2006-7128
CVE-2006-7128 describes a PHP remote file inclusion in JAF CMS 4.0 RC1, exploitable via the URL in the website parameter of forum.php, allowing remote code execution. The NVD CVSSv2 base score is 7.5 (HIGH) with network access, low complexity, no authentication, and partial impact on confidential...
CVE-2006-7127
CVE-2006-7127 affects the JAF CMS (versions 4.0 and 4.0 RC2). Affected component: the forum/ directory handling pages (forum/main.php and forum/headlines.php). Root cause: remote PHP code execution via a crafted URL passed to the main_dir parameter, enabling an attacker to include and run arbitra...
JAF CMS Forum.PHP远程文件包含漏洞
Salims Softhouse JAF CMS是一款基于PHP的内容管理程序。 Salims Softhouse JAF CMS不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Forum.PHP'脚本对用户提交的'applAPPL'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Salims Softhouse JAF CMS 4.0 RC1 Salims Softhouse JAF CMS 3.0 RC Salims Softhouse JAF CMS 2.5 Salims Softhous...
JAF CMS Remote file include (website)
=========================================================================================== JAF CMS Remote file include website =========================================================================================== Script name : JAF CMS Version : 4.0...
JAF CMS 4.0 RC1 - Multiple Remote File Inclusions
JAF CMS 4.0 RC1 - Multiple Remote File Inclusions =========================================================================================== JAF CMS Remote file include website =========================================================================================== Script name : JAF CMS Versi...
JAF CMS <= 4.0 RC1 Multiple Remote File Include Vulnerabilities
No description provided by source. =========================================================================================== JAF CMS Remote file include website =========================================================================================== Script name : JAF CMS Version : 4.0...
JAF CMS <= 4.0 RC1 Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== JAF CMS = 4.0 RC1 Multiple Remote File Include Vulnerabilities ===============================================================...
JAF CMS 4.0 RC1 - Multiple Remote File Inclusions
=========================================================================================== JAF CMS Remote file include website =========================================================================================== Script name : JAF CMS Version : 4.0...
CVE-2006-5129
Multiple cross-site scripting XSS vulnerabilities in ph03y3nk just another flat file JAF CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via 1 the message parameter, and possibly other parameters, in module/shout/jafshout.php aka the shoutbox; and 2 the message body in a...
CVE-2006-5131
module/shout/jafshout.php aka the shoutbox in ph03y3nk just another flat file JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/datainc.php...
CVE-2006-5130
Multiple cross-site scripting XSS vulnerabilities in ph03y3nk just another flat file JAF CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 url, 3 title, and 4 about parameters in a forum post. NOTE: the provenance of this information is unknown; the detai...
JAF CMS <= 4.0 RC1 (forum.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +...
JAF CMS 4.0 RC1 - forum.php Remote File Inclusion
JAF CMS 4.0 RC1 - forum.php Remote File Inclusion !/usr/bin/perl ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:...
JAF CMS 4.0 RC1 - 'forum.php' Remote File Inclusion
!/usr/bin/perl ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ ++ +++:++ +++:++++: ++...
JAF CMS <= 4.0 RC1 (forum.php) Remote File Include Exploit
Exploit for unknown platform in category web applications ========================================================== JAF CMS = 4.0 RC1 forum.php Remote File Include Exploit ========================================================== !/usr/bin/perl ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :...