Lucene search

7219 matches found

rdot
added 2011/07/01 12:00 a.m., 620 views

P.A.S. (php web-shell)

P.A.S. v.3.0.x Features: - Cookie-based authorization. - Encryption of the shell with your password at download time. - File manager: bulk deletion, moving, copying, downloading and uploading of files and directories; renaming and creating files and directories; editing, viewing, changing...

AI score: 0.3
Exploits: 0
myhack58
added 2011/06/28 12:00 a.m., 18 views

- Through the enterprise website for the latest 0DAY vulnerabilities-vulnerability warning-the black bar safety net

Easy to pass business website system also known as the easy pass enterprise web applications, is easy through the company developed China's first to provide free corporate website template marketing type enterprise website management system, The system front to generate html, in full compliance...

AI score: 0.7
Exploits: 0
0day.today
added 2011/06/28 12:00 a.m., 12 views

BlogIt <= 1.6.0 Php Code Injection Vulnerability

Exploit for php platform in category web applications. BlogIt. Exploit database separated by exploit type (local, remote, DoS, etc.). Discovered B...

AI score: 7.1
Exploits: 0
Exploit DB
added 2011/06/19 12:00 a.m., 31 views

Joomla! Component com_calcbuilder - 'id' Blind SQL Injection

Joomla Component Calc Builder id Blind SQL Injection Vulnerability. Author : Chip D3 Bi0s Group : LatinHackTeam Email & msn :...

AI score: 7.4
Exploits: 0
OpenVAS
added 2011/06/17 12:00 a.m., 28 views

Dotclear Arbitrary File Upload Vulnerability

Dotclear is prone to an arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 6.5, AI score: 6.9, EPSS: 0.01691
Exploits: 1, References: 4
The Hacker News
added 2011/06/16 6:20 a.m., 20 views

WSO Web Shell 2.5.1 Download

This utility provides a web interface for remote operation with the operating system and its services/daemons. Description of features: authorization by cookies; server information; file manager (copy, rename, move, delete, chmod, touch, creating files and folders); view, hexview, editing,...

AI score: 7.4
Exploits: 0
NVD
added 2011/06/08 10:36 a.m., 10 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01691
Exploits: 1, References: 9
Prion
added 2011/06/08 10:36 a.m., 10 views

Information disclosure

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

CVSS: 6.5, AI score: 7.7, EPSS: 0.01691
Exploits: 1, References: 9, Affected Software: 1
Cvelist
added 2011/06/08 10:00 a.m., 16 views

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the mediapath or mediafile parameter. NOTE: some of these details are...

AI score: 7.2, EPSS: 0.01691
Exploits: 1, References: 9
NVD
added 2011/05/31 8:55 p.m., 19 views

CVE-2011-1329

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file...

CVSS: 6.8, AI score: 7.4, EPSS: 0.01424
Exploits: 0, References: 7
Prion
added 2011/05/31 8:55 p.m., 12 views

Code injection

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file...

CVSS: 6.8, AI score: 7.8, EPSS: 0.01424
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2011/05/31 8:00 p.m., 28 views

CVE-2011-1329

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file...

AI score: 7.4, EPSS: 0.01424
Exploits: 0, References: 7
Packet Storm
added 2011/05/30 12:00 a.m., 259 views

vBulletin 4.1.2 search.php SQL Injection

Requirements require 'msf/core' Class declaration class Metasploit3 'vBulletin 4 %q vBulletin versions 4 Exploit Only 'James Bercegay http://www.gulftech.org/ ' , 'License' = MSFLICENSE, 'References' = 'BID', '47281' , , 'Privileged' = false, 'Platform' = 'php', 'Arch' = ARCHPHP, 'Targets' =...

AI score: 0.3
Exploits: 0
Tenable Nessus
added 2011/05/23 12:00 a.m., 33 views

Vanilla Forum p Parameter Local File Inclusion

The remote web server hosts Vanilla Forums, an open source forum software written in PHP. The installed version of Vanilla Forums uses a '/' character in the 'AnalyzeRequest' method in 'library/core/class.dispatcher.php' to separate input passed via the 'p' parameter of the 'index.php' script int...

AI score: 5.9
Exploits: 0, References: 2
Exploit DB
added 2011/05/17 12:00 a.m., 30 views

WordPress Plugin Is-human 1.4.2 - Remote Command Execution

Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php . It is possible to take control ...

AI score: 7.4
Exploits: 0
Packet Storm
added 2011/05/17 12:00 a.m., 29 views

Is-Human 1.4.2 WordPress Plugin Command Execution

Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php . It is possible to take control ...

AI score: 0.3
Exploits: 0
Packet Storm
added 2011/04/29 12:00 a.m., 45 views

Joomla 1.6.0 SQL Injection / PHP Execution

Requirements require 'msf/core' Class declaration class Metasploit3 'Joomla 1.6.0 // SQL Injection - PHP Execution', 'Description' = %q A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage...

AI score: 0.2, EPSS: 0.01653
Exploits: 3
Debian CVE
added 2011/04/27 12:00 a.m., 25 views

CVE-2010-2789

PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS: 6.8, AI score: 7.3, EPSS: 0.01092
Exploits: 0
myhack58
added 2011/04/26 12:00 a.m., 26 views

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

1. Code execution functions: PHP functions that can execute code, such as eval, assert, the backtick operator, system, exec, shell_exec, passthru, escapeshellcmd, pcntl_exec, etc. Demo code 1.1: 2. File inclusion code injection: the file inclusion functions in the specific...

Exploits: 0
Packet Storm
added 2011/04/25 12:00 a.m., 37 views

CitusCMS 0.6 Backup Disclosure

Exploit database separated by exploit type (local, remote, DoS, etc.). Site : 1337day.com. Support e-mail :...

AI score: 7.4
Exploits: 0