7206 matches found
H2O-CMS 3.4 - PHP Code Injection Cookie Authentication Bypass
H2O-CMS 3.4 - PHP Code Injection Cookie Authentication Bypass source: https://www.securityfocus.com/bid/31961/info H2O-CMS is prone to a PHP code-injection vulnerability and a cookie authentication-bypass vulnerability. An attacker can exploit the PHP code-injection issue to inject and execute...
H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass
source: https://www.securityfocus.com/bid/31961/info H2O-CMS is prone to a PHP code-injection vulnerability and a cookie authentication-bypass vulnerability. An attacker can exploit the PHP code-injection issue to inject and execute arbitrary malicious PHP code in the context of the webserver...
bcoos 1.0.13 - common.php Remote File Inclusion
bcoos 1.0.13 - common.php Remote File Inclusion source: https://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote fil...
bcoos 1.0.13 - 'common.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it i...
WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities
No description provided by source. WebSVN = 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN = 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...
myEvent Multiple Remote Vulnerabilities
myEvent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Admbook PHP Code Injection Flaw
The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...
websvn-xssfhce.txt
WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...
MODX CMS < 0.9.2.2 RFI Vulnerability - Active Check
MODX CMS is prone to a remote file inclusion RFI vulnerability. SPDX-FileCopyrightText: 2008 Justin Seitz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4704
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...
WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================= WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Ha...
Remote file inclusion
PHP remote file inclusion vulnerability in panel/common/theme/default/headersetup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the 1 pathdocroot and 2 component parameters...
Code injection
plugins/eventtracer/eventlist.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by createfunction...
nukeet-upload.txt
?php / --------------------------------------------------------------- Nuke ET = 3.4 fckeditor Remote Arbitrary File Upload Exploit --------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.truzone.org/ This PoC was...
mantis-exec.txt
?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...
Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit
No description provided by source. ?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX...
Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ========================================================= Mantis Bug Tracker = 1.1.3 Remote Code Execution Exploit ========================================================= ?php /...
Mantis Bug Tracker 1.1.3 - Remote Code Execution
Mantis Bug Tracker 1.1.3 - Remote Code Execution ?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit --------------------------------------------------------------------------------...
CVE-2008-4557
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...