950 matches found
Sphider 1.3.6 - Multiple Vulnerabilities
Exploit for php platform in category web applications Description: The web application is vulnerable to SQLi. Once a website has been indexed with Sphider, an attacker can inject SQL under Sites - Browser pages- filter option. Proof of Concept: Response: POST: /admin/admin.php...
Yoxel <= 1.23beta (itpm_estimate.php a) Remote Code Execution Vuln
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Yoxel = 1.23beta PHP code Injection Vulnerability Script: Yoxel is a hidden gem. This Open Source...
Wordpress W3 Total Cache PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Coppermine Photo Gallery 1.0 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker...
CuteNews <= 1.4.1 (categories.mdu) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl cijfer-cnxpl - CuteNews =1.4.1 Remote Command Execution Copyright c 2005 cijfer [email protected] All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache...
LinPHA 0.9.x/1.0 sec_stage_install.php language Parameter Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP...
Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit
No description provided by source. ?php / Bitweaver = 2.6 /boards/boardsrss.php / saveFeed remote code execution exploit by Nine:Situations:Group::bookoo php.ini independent site: http://retrogod.altervista.org/ software site: http://www.bitweaver.org/ You need an user account and you need to...
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16887/info PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attac...
SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability
No description provided by source. Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...
Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
LinPHA 0.9.x/1.0 install.php language Parameter Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP...
MetInfo 3.0 PHP Code Injection Vulnerability
No description provided by source...
PMOS Help Desk <= 2.4 - Remote Command Execution Exploit
No description provided by source. ?php / ------------------------------------------------------ PMOS Help Desk = 2.4 Remote Command Execution Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.h2desk.com/pmos...
NOCC 1.0 html_bottom_table.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...
PHP Photo Album <= 0.4.1.16 - Multiple Disclosure Vulnerabilities
No description provided by source. ---------------------------------------------------------------- PHP Photo Album = 0.4.1.16 Multiple Disclosure Vulnerabilities ---------------------------------------------------------------- Exploit Title: PHP Photo Album = 0.4.1.16 Multiple Disclosure...
Shop-Script FREE <= 2.0 - Remote Command Execution Exploit
No description provided by source. ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo --------------------------------------------------------\n; echo Shop-Script...
Feed on Feeds <= 0.5 - Remote PHP Code Injection Exploit
No description provided by source. ?php / ------------------------------------------------------ Feed on Feeds = 0.5 Remote PHP Code Injection Exploit ------------------------------------------------------ author..........: EgiX mail............: n0b0d13satgmaildotcom software link...:...
Guppy <= 4.5.9 (REMOTE_ADDR) Remote Commands Execution Exploit
No description provided by source. ?php if magicquotesgpc is off you can inject arbitrary php code from rgod /str0ke ---guppy459xpl.php 17.30 28/11/2005 Guppy =4.5.9 SERVERREMOTEADDR overwrite / remote commands xctn coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in...
Fly-High CMS 2012-07-08 - Unrestricted File Upload Exploit
No description provided by source. ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Fly-High CMS...
RoSPORA <= 1.5.0 - Remote PHP Code Injection
No description provided by source. ?php / -------------------------------------------------- RoSPORA = 1.5.0 Remote PHP Code Injection Exploit -------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://code.google.com/p/rospora/ This PoC...