13 matches found
EUVD-2006-1789
Malware in sbrugna...
PAJAX Remote Command Execution
No description provided by source. $Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
PAJAX - Remote Command Execution (Metasploit)
$Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
PAJAX Remote Command Execution
RedTeam has identified two security flaws in PAJAX 'PAJAX Remote Command Execution', 'Description' = %q RedTeam has identified two security flaws in PAJAX 'Matteo Cantoni ', 'hdm' , 'License' = MSFLICENSE, 'References' = 'CVE', '2006-1551', 'OSVDB', '24618', 'BID', '17519', 'URL',...
pajax-0.5.1.txt
Advisory: PAJAX Remote Code Injection and File Inclusion Vulnerability RedTeam has identified two security flaws in PAJAX. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php". Details...
PAJAX < 0.5.2 Multiple Vulnerabilities
The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...
[Full-disclosure] PAJAX Remote Code Injection and File Inclusion Vulnerability
Advisory: PAJAX Remote Code Injection and File Inclusion Vulnerability RedTeam has identified two security flaws in PAJAX. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php". Details...
CVE-2006-1551
Eval injection vulnerability in pajaxcalldispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters...
Sql injection
Eval injection vulnerability in pajaxcalldispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters...
CVE-2006-1551
PAJAX
CVE-2006-1789
PAJAX 0.5.1 and earlier expose a directory traversal vulnerability in pajax_call_dispatcher.php that lets an unauthenticated attacker read arbitrary files via the $className variable. This issue is corroborated across multiple sources (NVD/Nessus, CVE-2006-1789). The Nessus plugin explicitly grou...
PAJAX <= 0.5.1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================ PAJAX new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print ''.$host.' '; $cmd = ; chop$cmd; last if $cmd eq 'exit'; $ajaxdata = ""id":...
PAJAX 0.5.1 - Remote Code Execution
!/usr/bin/perl use IO::Socket; print "PAJAX Remote Code Injection - code by: Stoney - exploit found by: RedTeam\n"; if $ARGV0 && $ARGV1 $host = $ARGV0; $path = $ARGV1; $sock = IO::Socket::INET-new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print ''.$host.'...