LightNEasy SQLite / no database <= 1.2.2 Multiple Remote Vulnerabilities

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 14/04/08 CMS: LightNEasy SQLite / no database = 1.2.2 Site: lightneasy.org Advisory: Multiple Remote Vulnerabilities Need: magicquotesgpc = Off magicquotesgpc = On / Off for SQL Injections Bug 1: Remote File...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

CVE-2008-1776

CVE-2008-1776 is a PHP remote file inclusion vulnerability in PhpBlock A8.4 where an attacker can cause arbitrary PHP code execution via a URL supplied to PATH_TO_CODE in modules/basicfog/basicfogfactory.class.php. Multiple sources (NVD entries and related records) confirm the vulnerable file and...

mumbojumbo-sql.txt

php '.$argv0.' http://www.site.com/cms/ 300 1 '; if $argc 1 printr' '; echo 'Searching for Admin: '; for$i=1; $i = 50; $i++ $temp1 = filegetcontents$argv1.'index.php?id='.$argv2.'+and+lengthselect+kennung+from+op4admin+where+id='.$argv3.'='.$i.'--'; if strpos$temp1,'Die angeforderte Seite existie...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the inclpage parameter in 1 structadmin.php, 2 structadminblog.php, and 3 structmain.php in blogadata/include...

lokicms-exec.txt

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Rem...

phpTournois G4 - Arbitrary File Upload Code Execution

phpTournois G4 - Arbitrary File Upload Code Execution Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we are not loggued in, this var is not defined. So, using registerglobals, we can define it and let the CM...

LokiCMS 0.3.3 - Remote Command Execution

LokiCMS 0.3.3 - Remote Command Execution Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Remo...

LokiCMS <= 0.3.3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================= LokiCMS = 0.3.3 Remote Command Execution Exploit ================================================= Author: GiReX Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection...

LokiCMS &lt;= 0.3.3 Remote Command Execution Exploit

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...

LokiCMS 0.3.3 - Remote Command Execution

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...

PHPGKit 0.9 - &#039;connexion.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28526/info PhpGKit is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusions

Simple Machines Forum SMF 1.1.4 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the...

Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious P...

JAF CMS 4.0.0 RC2 - &#039;website&#039; / &#039;main_dir&#039; Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/28476/info JAF CMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and...

CVE-2008-1511

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for 1 classes/classadmin.php and 2 classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bndirdefault parameter to 1 adduser.php, 2 createforum.php, 3 createuser.php, 4 deletenotes.php, 5 deleteuser.php, 6 editforum.php, 7 mailusers.php, 8...

Le Forum - Fichier_Acceuil Remote File Inclusion

Le Forum - FichierAcceuil Remote File Inclusion source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context ...

Le Forum - &#039;Fichier_Acceuil&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

SA-2008-021 - Live - Cross site request forgery

The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site. Versions affected Live for Drupal 5.x before Live 5.x-0.1...