CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

Directory traversal

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Removed by vendor...

CVE-2008-0782

CVE-2008-0782 describes a directory traversal in MoinMoin up to version 1.5.8 and earlier. An attacker could overwrite arbitrary files by sending a dot-dot in the MOIN_ID cookie during a userform action; the issue could also enable PHP code execution via the quicklinks parameter. The vulnerabilit...

Remote file inclusion

PHP remote file inclusion vulnerability in membershelp.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter...

CVE-2008-0743

PHP remote file inclusion vulnerability in membershelp.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter...

SA-2008-017 - Header image - Access bypass

The Header image module allows sites to display an image on selected pages based on the node id, path, taxonomy, node type, containing book or the result of PHP code. The module contains a vulnerability where access to the module's administration pages is granted to any user, including the...

journalness-exec.txt

!/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to...

openrealty-exec.txt

!/usr/bin/perl Vendor url: www.open-realty.org note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Open-Realty ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? ";...

Journalness 4.1 - last_module Remote Code Execution

Journalness 4.1 - lastmodule Remote Code Execution !/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target;...

Open-Realty 2.4.3 - last_module Remote Code Execution

Open-Realty 2.4.3 - lastmodule Remote Code Execution !/usr/bin/perl Vendor url: www.open-realty.org note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Open-Realty ; if$target ! /^http:/// $target = "http://".$target; if$target !...

Journalness 4.1 - 'last_module' Remote Code Execution

!/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to...

CVE-2008-0635

Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVE-2008-0566

PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fullpathtopublicprogram parameter...

CVE-2008-0572

Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MMGLOBALShome parameter to 1 acweb/adminindex.php; and 2 ask.inc.php, 3 learn.inc.php, 4 manage.inc.php, 5 mind.inc.php, and 6 sensory.inc.php in include/...

XOOPS 2.0.18 Local File Inclusion / URL Redirecting Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-009 Application: XOOPS Versions Affected: XOOPS 2.0.18 Vendor URL: http://www.xoops.org/ Bugs: Local File Include,URL Redirecting phishing Exploits: YES Reported: 28.01.2008 Vendor response: 28.01.2008 Da...

[OPEN[DSECRG-08-010] VHD Web Pack 2.0 Local File Include

Digital Security Research Group DSecRG Advisory DSECRG-08-010 Application: VHD Web Pack 2.0 Versions Affected: VHD Web Pack 2.0 Vendor URL: http://www.divideconcept.net/index.php?page=vhdwebpack/index.php Bugs: Local File Include Exploits: YES Reported: 28.01.2008 Vendor response: NONE Date of...

VHD Web Pack 2.0 (index.php page) Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-010 Application: VHD Web Pack 2.0 Versions Affected: VHD Web Pack 2.0 Vendor URL: http://www.divideconcept.net/index.php?page=vhdwebpack/index.php Bugs: Local File Include Exploits: YES Reported: 28.01.20...