LokiCMS <= 0.3.3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================= LokiCMS = 0.3.3 Remote Command Execution Exploit ================================================= Author: GiReX Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection...

phpTournois G4 - Arbitrary File Upload Code Execution

phpTournois G4 - Arbitrary File Upload Code Execution Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we are not loggued in, this var is not defined. So, using registerglobals, we can define it and let the CM...

LokiCMS 0.3.3 - Remote Command Execution

LokiCMS 0.3.3 - Remote Command Execution Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Remo...

LokiCMS 0.3.3 - Remote Command Execution

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...

PHPGKit 0.9 - &#039;connexion.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28526/info PhpGKit is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusions

Simple Machines Forum SMF 1.1.4 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit the...

Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious P...

JAF CMS 4.0.0 RC2 - &#039;website&#039; / &#039;main_dir&#039; Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/28476/info JAF CMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and...

CVE-2008-1511

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for 1 classes/classadmin.php and 2 classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bndirdefault parameter to 1 adduser.php, 2 createforum.php, 3 createuser.php, 4 deletenotes.php, 5 deleteuser.php, 6 editforum.php, 7 mailusers.php, 8...

Le Forum - Fichier_Acceuil Remote File Inclusion

Le Forum - FichierAcceuil Remote File Inclusion source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context ...

Le Forum - &#039;Fichier_Acceuil&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

SA-2008-021 - Live - Cross site request forgery

The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site. Versions affected Live for Drupal 5.x before Live 5.x-0.1...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to 1 converter.inc.php, 2 messages.inc.php, and 3 settings.inc.php in includes/...

CVE-2008-1405

PHP remote file inclusion vulnerability in code/display.php in fuzzylime cms 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter...

PHPAuction Multiple Script include_path Parameter File Inclusion

The remote host is running PHPAuction, a PHP script for building auction websites. The version of PHPAuction installed on the remote host fails to sanitize input to the 'includepath' parameter of several scripts before using it to include PHP code. An unauthenticated, remote attacker can exploit...

Null pointer dereference

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

CVE-2008-0300

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

CVE-2008-0300

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

CVE-2008-0300

Mapbender vulnerability CVE-2008-0300 affects Mapbender 2.4 up to 2.4.4, via mapFiler.php. Root cause: lack of input filtering allows PHP code sequences placed in the factor parameter to be written to a file and later executed. Impact: remote code execution on the webserver with the privileges of...