CVE-2009-0735

Directory traversal vulnerability in lib/classes/messageclass.php in Papoo CMS 3.6, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. dot dot in the pfadhier parameter. NOTE: some of these details are...

Directory traversal

Directory traversal vulnerability in lib/classes/messageclass.php in Papoo CMS 3.6, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. dot dot in the pfadhier parameter. NOTE: some of these details are...

CVE-2009-0735

Directory traversal vulnerability in lib/classes/messageclass.php in Papoo CMS 3.6, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. dot dot in the pfadhier parameter. NOTE: some of these details are...

CVE-2009-0735

The vulnerability CVE-2009-0735 affects Papoo CMS 3.6, specifically in lib/classes/message_class.php. When register_globals is enabled and magic_quotes_gpc is disabled, a directory traversal via the pfadhier parameter (.. path) can allow remote attackers to read, and possibly execute, arbitrary f...

Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability

No description provided by source. + Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC : http://127.0.0.1/path/lib/classes/messageclass.php?pfadhier=Local...

Papoo CMS 3.6 Local File Inclusion

Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC : http://127.0.0.1/path/lib/classes/messageclass.php?pfadhier=Local File%00 - Example :...

Papoo CMS 3.x - pfadhier Local File Inclusion

Papoo CMS 3.x - pfadhier Local File Inclusion + Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC :...

Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =========================================================== Papoo CMS 3.x pfadhier Local File Inclusion Vulnerability =========================================================== + Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod +...

Papoo CMS 3.x - 'pfadhier' Local File Inclusion

Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC : http://127.0.0.1/path/lib/classes/messageclass.php?pfadhier=Local File%00 - Example :...

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

Code injection

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

CVE-2007-3494

CVE-2007-3494 affects Papoo CMS 3.6 and possibly earlier. The vulnerability stems from a missing privilege check in backend administration plugin access (via interna/plugin.php and a devtools/templates/newdump_backend.html argument), enabling remote authenticated users to perform actions beyond t...

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

[Full-disclosure] Papoo CMS 3.6 - Access Restriction Bypass

Papoo Content Management System Backend Access Restriction Bypass Jun 24 2007 Product Papoo Content Management System Vulnerable Versions Papoo 3.6 and maybe prior Vendor Status The Vendor was notified and the issue was fixed. A patch is available at...

Papoo CMS - Multiple Cross Site Scripting

Papoo Content Management System Multiple Cross Site Scriptings Jun 12 2007 ------------------------------------------------------------------------------- Product Papoo Content Management System Vulnerable Versions Papoo Light 3.6 Vendor Status The Vendor was notified and the issue fixed. A patch...

Papoo CMS 3.2 - IBrowser Remote File Inclusion

Papoo CMS 3.2 - IBrowser Remote File Inclusion source: https://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...

Papoo CMS 3.2 - IBrowser Remote File Inclusion

source: https://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

Papoo Multiple SQL vuln.

Papoo Multiple SQL vuln. Vuln. discovered by : r0t Date: 21 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/papoo-multiple-sql-vuln.html vendor:http://www.papoo.org/ affected version:2.1.2 and prior Product Description: Papoo ist an easy to use, accessible CMS. It respects for...