13 matches found
Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities
Exploit for php platform in category web applications Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined...
Clansys <= 1.1 (index.php page) PHP Code Insertion Vulnerability
No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...
Discuz! X3. 1 Background to arbitrary code execution can take shell-vulnerability warning-the black bar safety net
See someone ask Discuz! X3. 1 Background how get shell, download it a look, before someone says HTML generation can take the shell, I yesterday the official website to download the version found, the static file extensions, limiting the htm/html. If the server does not exist parsing vulnerability...
espcms后台getshell-3,并可利用csrf交互强制管理员getshell
简要描述: 详细说明: 后台修改模板处未过滤,可在模板中插入php代码(此处方便演示,使用了phpinfo 本来,一个后台getshell的危害应该属于较低的,因为需要管理员权限。但是,espcms后台操作无token,通过csrf的交互,就可以强迫管理员干很多事。修改模板为shell的包如下: 无token,所以可以通过一个自动提交表单给管理员点击,然后就会自动getshell了。(此处主要是后台getshell,csrf就不再说了,详细的POC可以查看我以前提交的一些漏洞) 漏洞证明:...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
--Security Report-- Advisory: Clansys = 1.1 PHP Code Insertion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 23/04/06 21:07 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Clansys http://www.clansys.de.vu/ Versio...
Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability
No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...
Clansys 1.1 - index.php PHP Code Insertion
Clansys 1.1 - index.php PHP Code Insertion NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory:...
[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities
New eVuln Advisory: N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/121/summary.html --------------------Summary---------------- eVuln ID: EV0121 CVE: CVE-2006-1657 CVE-2006-1658 Vendor: Chucky A. Ivey Software: N.T. Sowtware's Web Site: http://www.v-gfx.net/...
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities
New eVuln Advisory: QLnews XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/113/summary.html --------------------Summary---------------- eVuln ID: EV0113 CVE: CVE-2006-1575 CVE-2006-1576 Software: QLnews Sowtware's Web Site: http://www.vscripts.pl/ Versions: 1.2 Critical Level:...
[eVuln] VNews Multiple Vulnerabilities
New eVuln Advisory: VNews Multiple Vulnerabilities http://evuln.com/vulns/112/summary.html --------------------Summary---------------- eVuln ID: EV0112 CVE: CVE-2006-1543 CVE-2006-1544 CVE-2006-1545 Software: VNews Sowtware's Web Site: http://www.vscripts.pl/?id=vnews Versions: 1.2 Critical Level...
[eVuln] [V]Book Multiple Vulnerabilities
New eVuln Advisory: VBook Multiple Vulnerabilities http://evuln.com/vulns/111/summary.html --------------------Summary---------------- eVuln ID: EV0111 CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563 Software: VBook Sowtware's Web Site: http://www.vscripts.pl/?id=vbook2 Versions: 2.0 Critical Leve...
[eVuln] ACal Authentication Bypass & PHP Code Insertion
New eVuln Advisory: ACal Authentication Bypass & PHP Code Insertion --------------------Summary---------------- Software: ACal Sowtware's Web Site: http://acalproj.sourceforge.net/ Versions: 2.2.5 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Availabl...