phpwind 7.5 apps/groups/index.php Remote File Inclusion Vulnerability
In apps/groups/index.php the $route and $basePath variables are not initialized, which allows remote or local inclusion of PHP files and leads to execution of arbitrary PHP code. <?php if ($route == "groups") require_once $basePath . '/action/mgroups.php'; elseif ($route == "group") require_once $basePath . '/action/mgroup.php'; elseif ($route == "galbum") require_once $basePath . '/action/mgalbum.php';...
phpLDAPadmin < 1.2 Local File Inclusion
Binary data 5291.prm...
Calendarix 0.7 - calpath Remote File Inclusion
Calendarix 0.7 - calpath Remote File Inclusion source: https://www.securityfocus.com/bid/37673/info Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containi...
SpawCMS Editor Shell Upload Vulnerability
No description provided by source. Author: j4ck j4ck from elitehackers.pl [email protected] just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected directory...
Calendarix 0.7 - 'calpath' Remote File Inclusion
source: https://www.securityfocus.com/bid/37673/info Calendarix is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
SpawCMS Editor - Arbitrary File Upload
Author: j4ck j4ck from elitehackers.pl [email protected] just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected directory...
SpawCMS Editor - Arbitrary File Upload
SpawCMS Editor - Arbitrary File Upload Author: j4ck j4ck from elitehackers.pl [email protected] just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can upload your evil PHP code, for example phpshell. Shell will be uploaded to selected...
SpawCMS Editor Shell Upload Vulnerability
Exploit for unknown platform in category web applications ========================================= SpawCMS Editor Shell Upload Vulnerability ========================================= just go to directory http:/server/path/spaw/demo.php then use image Upload, select all filetypes, and You can...
CVE-2009-4543
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences...
PhotoKorn 1.542 - Cross-Site Scripting Remote File Inclusion
PhotoKorn 1.542 - Cross-Site Scripting Remote File Inclusion source: https://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploi...
PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion
source: https://www.securityfocus.com/bid/37559/info Photokorn is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute malicious PHP code in the context o...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3)...
DrBenHur.com DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Include Vulnerability
DrBenHur.com DBHcms 1.1.4 'dbhcms_core_dir' Parameter Remote File Include Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/37498/info DrBenHur.com DBHcms is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input...
MvMmall vulnerability analysis
Author: Sobiny. According to the analysis, this program records sessions through the include/session.class.php file. The mvmsession class in this file: function handler() { session_module_name('user'); session_set_save_handler(array('mvmsession', 'open'), ...
mypage 0.4 - Local File Inclusion
mypage 0.4 - Local File Inclusion mypage0.4 LFI Vulnerability Author: BAYBORA Site: www.1923turk.biz Exploit: Vuln file: index.php?page=LFI Exploit: POST http://server/index.php?page=../../../../../../../../etc/passwd index.php if(isset($_GET['page'])) ... $inhalt=$inhaltsordner."/".$_GET['page'];...
Piwik Open Flash Chart - Remote Code Execution
Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piwik Piwik 0.2.36 Piwik Piwik 0.2.35...
Piwik Open Flash Chart Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ========================================================== Piwik Open Flash Chart Remote Code Execution Vulnerability ========================================================== Class: Input Validation Error CVE: Remote: Yes Local: No...
Piwik Open Flash Chart Remote Code Execution Vulnerability
No description provided by source. Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piw...
OSSIM 2.1.5 - Arbitrary File Upload
OSSIM 2.1.5 - Arbitrary File Upload Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity:...