7200 matches found

Tenable Nessus
added 2007/01/17 12:0 a.m. | 23 views

GLSA-200701-11 : Kronolith: Local file inclusion

The remote host is affected by the vulnerability described in GLSA-200701-11 (Kronolith: Local file inclusion). Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact: An authenticated attacker could craft an...

7.5 CVSS | 6.2 AI score | 0.01925 EPSS
Exploits 0 | References 2
Prion
added 2007/01/16 11:28 p.m. | 15 views

Code injection

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter...

10 CVSS | 7.8 AI score | 0.11758 EPSS
Exploits 0 | References 5 | Affected Software 1
Prion
added 2007/01/16 11:28 p.m. | 18 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. NOTE: a reliable third party disputes this vulnerability because thispath is defined before use...

7.5 CVSS | 7.8 AI score | 0.01718 EPSS
Exploits 1 | References 5 | Affected Software 1
Packet Storm
added 2007/01/13 12:0 a.m. | 26 views

guest402.txt

!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...

7.4 AI score
Exploits 0
NVD
added 2007/01/12 5:4 a.m. | 18 views

CVE-2007-0189

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value...

7.5 CVSS | 7.5 AI score | 0.01435 EPSS
Exploits 0 | References 5
Cvelist
added 2007/01/11 2:0 a.m. | 16 views

CVE-2007-0190

PHP remote file inclusion vulnerability in editaddress.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter...

7.5 AI score | 0.03149 EPSS
Exploits 0 | References 5
seebug.org
added 2007/01/10 12:0 a.m. | 62 views

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...

7.1 AI score
Exploits 0
Cvelist
added 2007/01/09 11:0 a.m. | 18 views

CVE-2007-0135

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the currentpath parameter...

7.5 AI score | 0.09515 EPSS
Exploits 1 | References 6
NVD
added 2007/01/09 2:28 a.m. | 9 views

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...

6 CVSS | 7.5 AI score | 0.01111 EPSS
Exploits 1 | References 5
seebug.org
added 2007/01/09 12:0 a.m. | 29 views

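WordPress Charset Decoding SQL Injection Vulnerability

WordPress is a popular blogging application. WordPress has a flaw in how it handles character-set decoding, which remote attackers can use to carry out SQL injection attacks and obtain sensitive information. When PHP's mbstring extension is enabled, WordPress supports decoding trackbacks in different character sets; because the decoding takes place before the database selects the correct character set for the input data, the protection against SQL injection can be bypassed. For demonstration purposes, Stefan Esser suggests using the UTF-7 character set for exploitation, because other multibyte character sets allow multibyte sequences that end in ''....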

7 AI score
Exploits 0
exploitpack
added 2007/01/08 12:0 a.m. | 37 views

@lex Guestbook 4.0.2 - Remote Command Execution

@lex Guestbook 4.0.2 - Remote Command Execution !/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...

0.1 AI score
Exploits 0
0day.today
added 2007/01/08 12:0 a.m. | 72 views

@lex Guestbook <= 4.0.2 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== @lex Guestbook @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit...

7.1 AI score
Exploits 0
Exploit DB
added 2007/01/08 12:0 a.m. | 84 views

@lex Guestbook 4.0.2 - Remote Command Execution

!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...

7.4 AI score
Exploits 0
0day.today
added 2007/01/07 12:0 a.m. | 16 views

L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

Exploit for unknown platform in category web applications

7.1 AI score
Exploits 0
exploitpack
added 2007/01/07 12:0 a.m. | 12 views

L2J Statistik Script 0.09 - index.php Local File Inclusion


0.4 AI score
Exploits 0
Cvelist
added 2007/01/05 11:0 a.m. | 9 views

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

7.3 AI score | 0.02972 EPSS
Exploits 0 | References 1
CVE
added 2007/01/05 11:0 a.m. | 40 views

CVE-2006-6887

The CVE-2006-6887 entry describes an unrestricted file upload vulnerability in logahead UNU 1.0 (before 2006-12-26) allowing remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (WidgEd plugin). The root cause is suggested as a po...

6.8 CVSS | 7.4 AI score | 0.02972 EPSS
Exploits 0 | References 1 | Affected Software 1
Metasploit
added 2007/01/05 5:58 a.m. | 27 views

vBulletin misc.php Template Name Arbitrary Code Execution

This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected. This module requires Metasploit:...

7.5 CVSS | 7.7 AI score | 0.80793 EPSS
Exploits 3
Metasploit
added 2007/01/05 5:38 a.m. | 17 views

PAJAX Remote Command Execution

RedTeam has identified two security flaws in PAJAX [...] Authors: Matteo Cantoni, hdm. License: MSF_LICENSE. References: CVE 2006-1551, OSVDB 24618, BID 17519, URL...

7.5 CVSS | 1.1 AI score | 0.72147 EPSS
Exploits 5
NVD
added 2007/01/04 11:28 a.m. | 10 views

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...

7.5 CVSS | 7.6 AI score | 0.01679 EPSS
Exploits 1 | References 4