RCblog 1.03 - POST Remote Command Execution

RCblog 1.03 - POST Remote Command Execution !/usr/bin/perl $App : RCblog "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$server", PeerPort="http80" || die "- Cannot not connect to host !\n"; print $socket "GET ".$path.$pcode." HTTP/1.1\r\n"; print $socket "User-Agent: ".$pcode."\r\n";...

RCblog <= 1.03 (post) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl $App : RCblog = 1.03 Remote Command Execution Exploit $Bug : http://tinyphp/index.php?post=../afile%00 $IHST: h4ckerz.com / hackerz.ir / coded & discovered By Hessam-x Hessamx -at- Hessamx.net use IO::Socket; use LWP::Simple; print...

CVE-2006-2929

PHP remote file inclusion vulnerability in contrib/forms/evaluation/CFormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSfileroot parameter...

CVE-2006-2928

Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter in 1 dialogs/img.php and 2 dialogs/td.php...

CVE-2006-2888

PHP remote file inclusion vulnerability in wk/wklang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WKwkPath parameter...

Immunity Canvas: DOKUWIKI_EXEC

Name| dokuwikiexec ---|--- CVE| CVE-2006-2878 Exploit Pack| CANVAS Description| DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution Notes| CVE Name: CVE-2006-2878 VENDOR: DokuWiki Repeatability: Infinite References: 'http://www.hardened-php.net/advisory042006.119.html' CVSS: 7.5 DOR...

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...

MiraksGalerie 2.62 - 'galimage.lib.php?listconfigfile[0]' Remote File Inclusion

source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files...

[SA20475] MiraksGalerie Multiple File Inclusion Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

CVE-2006-2878

CVE-2006-2878 affects DokuWiki (spellcheck.php) where unsanitized PHP code can be injected through the PHP/complex curly syntax in a preg_replace with the /e modifier. A remote unauthenticated attacker could execute arbitrary PHP commands on the webserver running DokuWiki, as described in multipl...

MiraksGalerie 2.62 - 'galsecurity.lib.php?listconfigfile[0]' Remote File Inclusion

source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files...

MiraksGalerie 2.62 - galsecurity.lib.php?listconfigfile[0] Remote File Inclusion

MiraksGalerie 2.62 - galsecurity.lib.php?listconfigfile0 Remote File Inclusion source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...

MiraksGalerie 2.62 - galimage.lib.php?listconfigfile[0] Remote File Inclusion

MiraksGalerie 2.62 - galimage.lib.php?listconfigfile0 Remote File Inclusion source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfigbhfilepath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArrpathtodir parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blogdcpath parameter, which passes fileexists and isdir tests on PHP 5...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to 1 auth/extauth/drivers/mambo.inc.php or 2 auth/extauth/drivers/postnuke.inc.php...

CVE-2006-2845

PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REXINCLUDEPATH parameter to imageresize/pages/index.inc.php...