21 matches found
EUVD-2007-5884
Malware in sbrugna...
JBC Explorer 7.20 'arbre.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37423/info JBC Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
JBC Explorer <= 7.20 RC 1 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; head; if$argc 3 usage; $url = getparam'url', true; $prx = getparam'proxy', false; $pra = getparam'proxyauth', false; $cod = 'eval$SERVERHTTPSHELL;'; $xpl = new phpsploit; $xpl-agent'Mozilla Firefox';...
Explorer 7.20 Cross Site Scripting
Script Name : Explorer V7.20 Version : V7.20 Release Candidate 1 REV A Bug Type : XSS vulnerability Found by : Metropolis Discovered : 20 December 2009 Download app : http://www.jbc-explorer.info/?action=download&download=16 Dork : JBC explorer by Psykokwak & XaV PoC :...
JBC Explorer 7.20 - arbre.php Cross-Site Scripting
JBC Explorer 7.20 - arbre.php Cross-Site Scripting source: https://www.securityfocus.com/bid/37423/info JBC Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
Explorer V7.20 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications ================================================= Explorer V7.20 Cross Site Scripting Vulnerability ================================================= Script Name : Explorer V7.20 Version : V7.20 Release Candidate 1 REV A Bug Type : XSS...
Explorer V7.20 Cross Site Scripting Vulnerability
No description provided by source. Script Name : Explorer V7.20 Version : V7.20 Release Candidate 1 REV A Bug Type : XSS vulnerability Found by : Metropolis Discovered : 20 December 2009 Download app : http://www.jbc-explorer.info/?action=download&download=16 Dork : JBC explorer by Psykokwak & Xa...
Explorer 7.20 - Cross-Site Scripting
Script Name : Explorer V7.20 Version : V7.20 Release Candidate 1 REV A Bug Type : XSS vulnerability Found by : Metropolis Discovered : 20 December 2009 Download app : http://www.jbc-explorer.info/?action=download&download=16 Dork : JBC explorer by Psykokwak & XaV PoC :...
JBC Explorer 7.20 - 'arbre.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37423/info JBC Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
Explorer 7.20 - Cross-Site Scripting
Explorer 7.20 - Cross-Site Scripting Script Name : Explorer V7.20 Version : V7.20 Release Candidate 1 REV A Bug Type : XSS vulnerability Found by : Metropolis Discovered : 20 December 2009 Download app : http://www.jbc-explorer.info/?action=download&download=16 Dork : JBC explorer by Psykokwak &...
Authentication flaw
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the...
CVE-2007-5913
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the...
CVE-2007-5914
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by...
CVE-2007-5913
CVE-2007-5913 concerns dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier, where authentication is not required and remote attackers can (1) delete auth.inc.php via the suppr parameter and (2) re-create auth.inc.php to establish a new account/password using login and password parameters...
CVE-2007-5914
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by...
CVE-2007-5914
CVE-2007-5914 | Affects JBC Explorer 7.20 RC1 and earlier. Vulnerability in dirsys/modules/config/post.php allows direct static code injection if the DEBUG parameter is manipulated, enabling arbitrary PHP code execution via config.inc.php. The issue is tied to an upstream condition where an authe...
JBC Explorer 7.20 RC 1 - Remote Code Execution
JBC Explorer 7.20 RC 1 - Remote Code Execution !/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the...
jbcexplorer-exec.txt
!/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the file auth.inc.php";...
JBC Explorer <= 7.20 RC 1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ======================================================= JBC Explorer agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php";...
JBC Explorer 7.20 RC 1 - Remote Code Execution
!/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the file auth.inc.php";...