7218 matches found
cmsmadesimple-upload.txt
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
Battle.net Clan Script 1.5.x - SQL Injection
Battle.net Clan Script 1.5.x - SQL Injection !/usr/bin/perl -w download script : http://sourceforge.net/project/showfiles.php?groupid=142506&packageid=156487 Battle.net Clan Script div Members Rank Member Name Email Date Joined ?phpmysqlselectdb$mysqldb or diemysqlerror; $sql = 'SELECT...
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
[ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200805-04 http://security.gentoo.org/ ...
Unrestricted file upload
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...
CVE-2008-2110
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...
HLDS WebMod 0.48 (rconpass) Remote Heap Overflow Exploit
No description provided by source. ?php HLDS WebMod 0.48 rconpass Remote Heap Overflow Exploit Tested on HLDS Launcher 4.1.1.1, WebMod 0.48, Windows XP SP2 Hebrew shir, skod.uk at gmail dot com 17/12/2007 Registers rconpass = "A"x16444: EAX 67E04955 wmm.67E04955 ECX 41414141 EDX 41414141 EBX...
CVE-2008-1989
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...
CVE-2008-1893
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...
Code injection
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
CVE-2008-1860
LokiCMS versions 0.3.3 and earlier are affected by a static code injection vulnerability in admin.php, allowing remote attackers to inject arbitrary PHP into includes/Config.php via the default parameter. The issue arises from the underlying code path described in CVE-2008-1860 and is rated with ...
LightNEasy SQLite / no database <= 1.2.2 Multiple Remote Vulnerabilities
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 14/04/08 CMS: LightNEasy SQLite / no database <= 1.2.2 Site: lightneasy.org Advisory: Multiple Remote Vulnerabilities Need: magic_quotes_gpc = Off magic_quotes_gpc = On / Off for SQL Injections Bug 1: Remote File...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...
CVE-2008-1776
CVE-2008-1776 is a PHP remote file inclusion vulnerability in PhpBlock A8.4 where an attacker can cause arbitrary PHP code execution via a URL supplied to PATH_TO_CODE in modules/basicfog/basicfogfactory.class.php. Multiple sources (NVD entries and related records) confirm the vulnerable file and...
mumbojumbo-sql.txt
php '.$argv0.' http://www.site.com/cms/ 300 1 '; if $argc 1 printr' '; echo 'Searching for Admin: '; for$i=1; $i = 50; $i++ $temp1 = filegetcontents$argv1.'index.php?id='.$argv2.'+and+lengthselect+kennung+from+op4admin+where+id='.$argv3.'='.$i.'--'; if strpos$temp1,'Die angeforderte Seite existie...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the inclpage parameter in (1) structadmin.php, (2) structadminblog.php, and (3) structmain.php in blogadata/include...
lokicms-exec.txt
Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Rem...
LokiCMS <= 0.3.3 Remote Command Execution Exploit
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS <= 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...