CVE-2007-1097

CVE-2007-1097 affects Wiclear prior to 0.11.1. The onAttachFiles function in inc/lib/attachment.lib.php allows unrestricted file uploads, enabling remote attackers to upload and execute arbitrary PHP code due to filename validation weaknesses. Impact is remote code execution with full compromise ...

Magic News Plus 1.0.2 - preview.php?PHP_script_path Remote File Inclusion

Magic News Plus 1.0.2 - preview.php?PHPscriptpath Remote File Inclusion source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote...

Magic News Plus 1.0.2 - 'preview.php?PHP_script_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. An...

CedStat 1.31 - index.php?hier Cross-Site Scripting

CedStat 1.31 - index.php?hier Cross-Site Scripting source: https://www.securityfocus.com/bid/22588/info CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 configpath parameter to a tagviewer.php, b tagprocess.php, and c CONFIG/errmsg.inc.php; and d...

CVE-2007-0839

Multiple PHP remote file inclusion vulnerabilities in index/indexalbum.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the 1 PLIB and 2 PINDEX parameters...

Remote file inclusion

PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateiennews parameter...

CVE-2007-0704

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

EUVD-2007-0680

PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the 1 configpath parameter to a commonfoot.php or b blogs.php, or 2 the configtheme parameter to c admin/galleryhead.php...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULESDIR parameter...

CVE-2007-0551

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pthfileconfig and 2 pthfileimage parameters...

CVE-2007-0489

PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2007-0359

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setupfolder parameter...

CVE-2007-0300

PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter...

CVE-2007-0314

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDEDIR parameter to 1 forms.php, 2 issueedit.php, 3 client.php, and 4 classes.php...

guest402.txt

!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...

@lex Guestbook 4.0.2 - Remote Command Execution

@lex Guestbook 4.0.2 - Remote Command Execution !/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== @lex Guestbook @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit...