7219 matches found
MyBackup 1.4.0 Multiple Security Vulnerabilities
MyBackup is prone to multiple security vulnerabilities. These vulnerabilities include a directory-traversal vulnerability and an arbitrary PHP code execution vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary PHP code in the context of the affected site or obtain...
MyBackup <= 1.4.0 Multiple Vulnerabilities
MyBackup is prone to multiple vulnerabilities. These vulnerabilities include a directory traversal vulnerability and an arbitrary PHP code execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...
CVE-2009-4993
PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
Insufficient output sanitizing when generating configuration file.
PMASA-2010-4 Announcement-ID: PMASA-2010-4 Date: 2010-08-20 Summary Insufficient output sanitizing when generating configuration file. Description The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration...
MailForm 1.2 Remote File Inclusion
Exploit Title: MailForm Remote File Include Date: 14-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://scripts.bdr130.net/files/any/MailForm.zip Version: v 1.2 Tested on: Windows XP CVE : هكر المسيب Contact: LoSt.HaCkEratyahoodotcom /0r/ [email protected]...
ECSHOP search injection vulnerability using exp and a background to take the shell-vulnerability warning-the black bar safety net
This is a search.php exp variant: search.php? encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxmju6ijenksbhbmqgmt0yiedst1vqiejzigdvb2rzx2lkihvuaw9uigfsbcbzzwxly3qgy29uy2f0khvzzxjfbmftzswwednhlhbhc3n3b3jklccixccpihvuaw9uihnlbgvjdcaxiyinkswxigzyb20gzwnzx2fkbwlux3vzzxijijtzoje6ijeio319 Take SHELL landing in the...
CVE-2010-2918
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
PHP code execution vulnerability summary-vulnerability warning-the black bar safety net
The Month of PHP Security is a feast for PHP security enthusiasts. After reading many of the excellent articles on php-security, I am sharing them below; the authors are idols of mine. 1. Code execution functions: in PHP, some functions can execute code, such as eval, assert, system, exec and shell_exec...
DM Filemanager 3.9.11 Shell Upload
?php / ----------------------------------------------------------------- DM Filemanager fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- Vendor: www.dutchmonkey.com Download :...
TikiWiki jhot - Remote Command Execution (Metasploit)
$Id: tikiwiki_jhot_exec.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion
The remote web server hosts Bitweaver, an open source content management system written in PHP. At least one install of Bitweaver on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'wiki/rankings.php' script before using it to include PHP code. Regardless of...
CVE-2010-2681
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php...
CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055...
Remote file inclusion
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php...
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
CVE-2010-2677
Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...
iScripts SocialWare 2.2.x Shell Upload
/iScripts SocialWare 2.2.x Arbitrary File Upload Vulnerability Name iScripts SocialWare Vendor http://www.iscripts.com Versions Affected 2.2.x Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-02-07 X. INDEX I. ABOUT T...
iScripts Socialware 2.2.x - Arbitrary File Upload
iScripts Socialware 2.2.x - Arbitrary File Upload /iScripts SocialWare 2.2.x Arbitrary File Upload Vulnerability Name iScripts SocialWare Vendor http://www.iscripts.com Versions Affected 2.2.x Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at...