CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

Directory traversal

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the s parameter to the admin page or 2 the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVE-2007-6604

CVE-2007-6604 affects XCMS 1.82 and earlier. The vulnerability is in index.php, where directory traversal via a dot-dot sequence in two parameters (s on the admin page, or pg for an arbitrary module) lets remote attackers read arbitrary files. Demonstrations include reading a password hash from a...

XCMS 1.83 - Remote Command Execution

Name : XCMS So the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So let's take a look to the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...

jPORTAL 2.3.1 & UserPatch - 'forum.php' Remote Code Execution

 $host = $argv1; $path = $argv2; $phpcode = $argv3; $info = "\n\n". " jPORTAL 2.3.1 & UserPatch forum.php Remote PHP Code Execution Exploit\n". "\n". " author: irk4zatyahoo.pl\n". " http://irk4z.wordpress.com\n". "\n". "\n". " greetz: str0ke, wacky, polish under :\n"...

Remote file inclusion

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

CVE-2007-6585

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

Sql injection

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

Code injection

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the 1 header and 2 footer parameters to modules/system/admin.php in a meta-generator action, 3 the disclaimer parameter to modules/system/admin.p...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

pmos-exec.txt

?php / ------------------------------------------------------ PMOS Help Desk = 2.4 Remote Command Execution Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.h2desk.com/pmos dork.....: "Powered by PMOS Help Desk" ...

XCMS 1.82 - LocalRemote File Inclusion

XCMS 1.82 - LocalRemote File Inclusion | ' \ / \ / / \ ' \ | | | | / / | | | || ||//\|| || XCMS = 1.82 LFI & RCE Xpl Nexen rocked this one ; LFIs http://127.0.0.1/xcms/index.php?pg=admin&s=../../../../../etc/passwd\0 http://127.0.0.1/xcms/index.php?mod=existing...

CVE-2007-6548

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the 1 header and 2 footer parameters to modules/system/admin.php in a meta-generator action, 3 the disclaimer parameter to modules/system/admin.p...

CVE-2007-6550

PMOS Help Desk 2.4 and earlier is affected by CVE-2007-6550. form.php redirects without exiting, enabling remote attackers to perform eval injection and execute arbitrary PHP code via the options array parameter. Affected component: PMOS Help Desk’s PHP form handling. Root cause: missing exit aft...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/frontpageright.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...

PMOS Help Desk <= 2.4 Remote Command Execution Exploit

No description provided by source. ?php / ------------------------------------------------------ PMOS Help Desk = 2.4 Remote Command Execution Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.h2desk.com/pmos...

PHPMySMS gateway.php远程文件包含漏洞

BUGTRAQ ID: 18633 PHPMySMS是一款开放源码的用PHP实现的基于Web的短信解决方案。 PHPMySMS的实现上存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意命令。 远程攻击者可以利用PHPMySMS的gateway.php文件中的远程文件包含漏洞执行任意PHP代码。漏洞代码如下： ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else include...