56 matches found
EUVD-2008-5935
Malware in sbrugna...
EUVD-2008-6605
Malware in sbrugna...
EUVD-2008-1860
Malware in sbrugna...
EUVD-2008-4642
Malware in sbrugna...
EUVD-2008-4892
Malware in sbrugna...
LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit
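Official site: http://www.lokicms.com/ Affected versions: <= 0.3.4 Overview: index.php in LokiCMS 0.3.4 and earlier contains a directory traversal vulnerability. When magic_quotes_gpc is disabled, a remote attacker can use ".." in the page parameter to check whether arbitrary files exist. Vulnerable page: vuln file: index.php Vulnerable code: if isset $GET && isset $GET'page' $pagename = stripslashes trim $GET'page' ; // load the page if $pagename == '' $name =...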
LokiCMS <= 0.3.3 Arbitrary File Delete Vulnerability
No description provided by source. Name : LokiCMS 0.3.3 = Arbitrary File Delete Vulnerability Author : cOndemned Greetz : ZaBeaTy, GregStar, irk4z, doctor, Avantura ; Usage: http://target/lokiCMS/admin.php?delete=path/file PoC: http://target/lokiCMS/admin.php?delete=../includes/Config.php Deletin...
LokiCMS <= 0.3.3 - Remote Command Execution Exploit
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...
CVE-2008-6643
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php...
Design/Logic Flaw
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php...
CVE-2008-6643
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php...
CVE-2008-6643
LokiCMS 0.3.4 (and possibly earlier) is affected by an access-control bypass in administrative functions. The issue allows remote attackers to bypass restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php. Affected component/function: LokiCMS ...
CVE-2008-5965
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter...
Directory traversal
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter...
CVE-2008-5965
The vulnerability CVE-2008-5965 affects LokiCMS 0.3.4 and earlier. A directory traversal flaw exists in index.php that, when magic_quotes_gpc is disabled, allows remote attackers to probe for the existence of arbitrary files by injecting .. into the page parameter. The NVD entry documents a MEDIU...
CVE-2008-5965
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter...
CVE-2008-4913
CVE-2008-4913: LokiCMS (versions 0.3.3 and earlier) contains a directory traversal flaw in admin.php where an attacker can use a .. in the delete parameter to delete arbitrary files. The connected documents confirm the affected product/version and the underlying cause (directory traversal) but do...
CVE-2008-4913
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter...
CVE-2008-4913
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter...
Directory traversal
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter...