VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

Exploit for linux platform in category remote exploits ================================================== VHCS http://acid-root.new.fr/ email protected Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwn...

VHCS 2.4.7.1 - &#039;vhcs2_daemon&#039; Remote Code Execution

!/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller has 2 users + Host domaintest.fr is connected /...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to 1 minimal/wiki.php and 2 simplest/wiki.php...

CVE-2008-1124

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to 1 components/xmlparser/loadparser.php; 2 admin.php, 3 categories.php, 4 categoriesadd.php, 5...

KC Wiki 1.0 - &#039;/simplest/wiki.php?page&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28074/info KC Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

KC Wiki 1.0 - &#039;/minimal/wiki.php?page&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28074/info KC Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

PHPMyTourney Remote file include Vulnerability

Hello PHPMyTourney Remote file include Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] home page : http://phpmytourney.sourceforge.net Script : PHPMyTourney vulnerable file : phpmytourney/sources/tourney/index.p...

PHPMyTourney 2 - tourneyindex.php Remote File Inclusion

PHPMyTourney 2 - tourneyindex.php Remote File Inclusion source: https://www.securityfocus.com/bid/28057/info phpMyTourney is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote fi...

Urulu 2.1 Blind SQL Injection Vulnerability &#40;CVE-2008-0385&#41;

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

Urulu 2.1 Blind SQL Injection Vulnerability &#40;CVE-2008-0385&#41;

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

PHPMyTourney 2 - &#039;/tourney/index.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28057/info phpMyTourney is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

CVE-2008-1067

Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the SESSIONpath parameter to 1 ezmlm.php and 2 tools/updatetranslations.php...

Sql injection

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVE-2008-1059

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

DBHcms &lt;= 1.1.4 Remote File Inclusion exploit

No description provided by source. !/usr/bin/perl DBHcms = 1.1.4 Remote File Inclusion exploit Vendor url: www.drbenhur.com exploit is hard to execute through a browser -possible though- since it's with POST Iron http://www.randombase.com require LWP::UserAgent; Shell: ?php...

WordPress Sniplets Plugin <= 1.2.2 - Remote File Inclusion

Because of this vulnerability in modules/syntaxhighlight.php, the attackers can execute arbitrary PHP code via a URL in the "libpath" parameter. Solution Update the plugin...

DBHcms 1.1.4 - &#039;code&#039; Remote File Inclusion

!/usr/bin/perl DBHcms $shellurl = "http://localhost/s.txt"; print " DBHcms ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10; $ua-envproxy; $response = $ua-post$target,...

Joomla! 'mosConfig_absolute_path' Parameter Remote File Include

The version of Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfigabsolutepath' parameter before using it in the index.php script to include PHP code. Provided 'RGEMULATION' is not defined in t...