PMOS Help Desk <= 2.4 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ====================================================== PMOS Help Desk = 2.4 Remote Command Execution Exploit ====================================================== ?php / ------------------------------------------------------ PMOS Help Des...

Shadowed Portal 5.7d3 - Remote Command Execution

!/usr/bin/python -- coding: iso-8859-15 -- ''' / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ------------------------------------------------------------------------------------------------ This is a Public Exploit. 21/12/2007 dd-mm-yyyy...

CVE-2007-6464

Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the grootdir parameter to 1 adminpageopen.php and 2 clientpageopen.php in global/templates/...

Code injection

Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action...

Code injection

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...

CVE-2007-6412

Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action...

Remote file inclusion

PHP remote file inclusion vulnerability in blocks/blocksitemap.php in ViArt 1 CMS 3.3.2, 2 HelpDesk 3.3.2, 3 Shop Evaluation 3.3.2, and 4 Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the rootfolderpath parameter. NOTE: some of these details are obtained from...

Remote file inclusion

PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the configfsBase parameter, a different vector than CVE-2006-2726...

CVE-2007-6296

PHP remote file inclusion vulnerability in userspopupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 level parameter to a installmodule.php and b uninstallmodule.php in upload/xax/admin/modules/, c upload/xax/admin/patch/index.php, and d...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccmslibrarypath parameter to 1 markdown.php and 2 gallery.php in decoder/...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfmbasepath parameter...

CVE-2007-6139

PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skinfile parameter...

CVE-2007-6133

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfmbasepath parameter...

ucms-backdoor.txt

Opencosmo Security http://www.opencosmo.com Ucms v. 1.8 Np exploit function sethostseite document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; /he...

RunCMS xoopsOption Parameter Local File Inclusion

The version of RunCMS installed on the remote host fails to sanitize user input to the 'xoopsOptionpagetype' parameter before using it to include PHP code in 'include/common.php'. Regardless of PHP's 'registerglobals' setting, an unauthenticated, remote attacker may be able to exploit this issue ...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 languagefile parameter to a comments-display-tpl.php and b addons/separate-comments-mod/my-comments-display-tpl.php and the 2 configcommentsformtpl paramete...

CVE-2007-6105

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 languagefile parameter to a comments-display-tpl.php and b addons/separate-comments-mod/my-comments-display-tpl.php and the 2 configcommentsformtpl paramete...

Code injection

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...

CVE-2007-6082

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...