Code injection

Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...

CVE-2007-1525

Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...

CVE-2007-1524

Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. dot dot in the settingsskin parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via...

MOPB-header.txt

?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...

W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities

source: https://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the webserver process. w-Agora 4.2.1 is vulnerable. ?php / Title...

Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution

Exploit for unknown platform in category web applications ============================================================== Net Portal Dynamic System NPDS Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $p...

Php-Stats &lt;= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example: inurl:php-stats.js.php...

phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution

phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution source: https://www.securityfocus.com/bid/23008/info PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary PHP...

[ECHO_ADV_75$2007] Groupit 2.00b5 &#40;c_basepath&#41; Remote File Inclusion Vulnerability

ECHOADV75$2007 ------------------------------------------------------------------------------------- ECHOADV75$2007 Groupit 2.00b5 cbasepath Remote File Inclusion Vulnerability -------------------------------------- ---------------------------------------------- Author : Dedi Dwianto a.k.a theday...

CVE-2007-1472

Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $GLOBALS, as demonstrated using a URL in the cbasepath parameter to 1 content.php,...

CVE-2007-1472

Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $GLOBALS, as demonstrated using a URL in the cbasepath parameter to 1 content.php,...

[ECHO_ADV_72$2007] CARE2X &#40;root_path&#41; Remote File Inclusion Vulnerability

ECHOADV72$2007 ------------------------------------------------------------------------- ECHOADV72$2007 CARE2X rootpath Remote File Inclusion Vulnerability -------------------------- ---------------------------------------------- Author : Dedi Dwianto a.k.a theday Date Found : March, 13th 2007...

WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability

No description provided by source. \ /\ / | \ | / // / | | \ \ Y / | / / \ /\| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator = 0.2.6-rc3 moddir Remote File Inclusion Vulnerability...

Company WebSite Builder PRO 1.9.8 - &#039;INCLUDE_PATH&#039; Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV76$2007 -------------------------------------------------------------------------------------------- ECHOADV76$2007 Company WebSite Builder PRO INCLUDEPATH Remote File Inclusion Vulnerability...

Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =============================================================== Groupit 2.00b5 cbasepath Remote File Inclusion Vulnerability ===============================================================...

[ECHO_ADV_74$2007] WebCreator &lt;= 0.2.6-rc3 &#40;moddir&#41; Remote File Inclusion Vulnerability

ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator = 0.2.6-rc3 moddir Remote File Inclusion Vulnerability -------------------------------------- ---------------------------------------------- Author : Dedi Dwianto a.k.a...

Company WebSite Builder PRO 1.9.8 - INCLUDE_PATH Remote File Inclusion

Company WebSite Builder PRO 1.9.8 - INCLUDEPATH Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV76$2007 -------------------------------------------------------------------------------------------- ECHOADV76$2007 Company WebSite Builder...

Groupit 2.00b5 - &#039;c_basepath&#039; Remote File Inclusion

------------------------------------------------------------------------------------- ECHOADV75$2007 Groupit 2.00b5 cbasepath Remote File Inclusion Vulnerability -------------------------------------- ---------------------------------------------- Author : Dedi Dwianto a.k.a theday Date Found :...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...

CVE-2007-1458

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...