1982 matches found
@lex Guestbook 4.0.2 - Remote Command Execution
!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...
L2J Statistik Script 0.09 - index.php Local File Inclusion
vBulletin misc.php Template Name Arbitrary Code Execution
This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected. This module requires Metasploit:...
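Logahead UNU Edition _widged.php Remote File Upload and Code Execution Vulnerability
Logahead is an open-source blog application with features such as tagging and drag-and-drop. Logahead has an input validation vulnerability in its handling of user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The extras/plugins/widged/widged.php script in Logahead contains an authentication bypass vulnerability that allows unauthenticated attackers to upload files to the server. In addition, the script does not validate the extension of uploaded files, allowing attackers to upload files with arbitrary extensions (such as .php) and execute arbitrary PHP code on the server. Logahead Logahead UNU edition 1.0...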
CVE-2006-6809
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator aka bubla 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) budir or (2) buconfigdir parameter...
CVE-2006-6793
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2006-6796
PHP remote file inclusion vulnerability in admin/adminsettings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the insfile parameter...
CVE-2006-6786
CVE-2006-6786 affects Open Newsletter 2.5 and earlier. The vulnerability enables remote authenticated administrators to execute arbitrary PHP code by inserting code into the email parameter of subscribe.php or unsubscribe.php. This leads to potential code execution with the privileges of the auth...
CVE-2006-6786
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php...
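JAF CMS Forum.PHP Remote File Inclusion Vulnerability
Salims Softhouse JAF CMS is a PHP-based content management application. Salims Softhouse JAF CMS does not properly filter user-supplied URI data, which a remote attacker can exploit to execute arbitrary commands with the privileges of the web process. The problem is that the 'Forum.PHP' script does not filter the user-supplied 'applAPPL' parameter; supplying a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. Salims Softhouse JAF CMS 4.0 RC1 Salims Softhouse JAF CMS 3.0 RC Salims Softhouse JAF CMS 2.5 Salims Softhous...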
CVE-2006-6739
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTPDOCUMENTROOT parameter, a different vector than CVE-2006-6689...
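Pixel Motion Config.PHP Remote Command Execution Vulnerability
Pixel Motion is a PHP-based web application. Pixel Motion does not properly filter user-supplied URI data, which a remote attacker can exploit to execute arbitrary commands with the privileges of the web process. The problem is that the 'config.php' script does not filter user-supplied web parameters; supplying a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. Pixel Motion Pixel Motion 2.1.1 No solution is currently available; please watch the following link: http://www.pixelmotion.org/ !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1...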
CVE-2006-6590
PHP remote file inclusion vulnerability in usercpmenu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the scriptfolder parameter...
CVE-2006-6541
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley...
CVE-2006-6527
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure
source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple...
GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include...
dc-arbitrary.txt
-061124b- deV!Lz Clanportal - Arbitrary File Upload. SYNOPSIS - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload...
deV!Lz Clanportal [DZCP] <= 1.3.6 Arbitrary File Upload Vulnerability
No description provided by source. SYNOPSIS - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...