CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

TTY Nop Generator

Generates harmless padding for TTY input This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This class implements a "nop" generator for TTY payloads class MetasploitModule 'TTY Nop Generator', 'Alias' = 'ttygeneric',...

CuteNews多个跨站脚本及PHP代码注入漏洞

BUGTRAQ ID: 33167 Cutenews是一款功能强大的新闻管理系统，使用平坦式文件存储。 Cutenews的index.php文件没有正确地验证对mod参数的输入便返回给了用户，这允许攻击者执行跨站脚本攻击；此外在阻断IP地址时没有正确的验证对addip参数的输入便储存在了data/ipban.db.php文件中，这可能导致注入并执行任意PHP代码。成功利用这个漏洞要求管理权限且禁用了.htaccess文件支持。 CutePHP CuteNews 1.4.6 厂商补丁： CutePHP -------...

XOOPS mydirname参数多个PHP代码注入漏洞

BUGTRAQ ID: 33176 Xoops是非常流行的动态web内容管理系统，用面向对象的PHP编写。...

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 appspathplug parameter to plugin/gateway/gnokii/init.php, the 2 appspaththemes parameter to plugin/themes/default/init.php, and the 3 appspathlibs parameter ...

XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

No description provided by source. !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory...

XOOPS 2.3.2 Code Execution Exploit

!/usr/bin/php -q 3 die"\n$num isn't a valid option\n"; else yeatshell; function yeatshell while 1 echo "yeatphp-shell$: "; $exec = stripslashestrimfgetsSTDIN; if preg...

CVE-2008-5792

PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...

CVE-2008-5789

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator comfeederator component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 mosConfigabsolutepath parameter to a addtmsp.php, b edittmsp.php and c tmsp.php in includes/tmsp...

CVE-2008-5790

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions comcompetitions component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSmosConfigabsolutepath parameter to a add.php and b competitions.php in includes/competitions/, and...

Flexcustomer 0.0.6 Administrative Login Bypass

START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Login Bypass Bug:...

Remote file inclusion

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...

CVE-2008-5764

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing Vulns

No description provided by source. START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bu...

YourPlace 1.0.2 Command Execution / Database Disclosure

START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account Author : Osirys Contact :...

Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing

Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact :...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing

Exploit for unknown platform in category web applications ================================================================= Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing ================================================================= START 0x01 Informations: Script :...

Flexcustomer 0.0.6 Admin Login Bypass / Possible PHP code writing

No description provided by source. START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bu...

ThePortal 2.2 Arbitrary Remote File Upload Exploit

No description provided by source. web apps theportal2 v2.2 Auth bypass file upload -------------------- Author: siurek22 -------------------- You need curl to run it -------------------- Code: -------------------- upload.php ?php $file=$POST'url'; $fel=explode"\n", $file; $ile=count$fel;...

Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP Code Writing

START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Login Bypass Bug:...