XCMS 1.11.7 - Password Arbitrary PHP Code Execution

XCMS 1.11.7 - Password Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to...

XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of...

CMS Made Simple 1.2 Remote Code Execution Vulnerability

Exploit for unknown platform in category web applications ======================================================= CMS Made Simple 1.2 Remote Code Execution Vulnerability ======================================================= o bug /". . . . .-' -...-'/ o o , . o -...--".\ vuln.: CMS Made Simple...

CMS Made Simple 1.2 - Remote Code Execution

CMS Made Simple 1.2 - Remote Code Execution o bug /". . . . .-' -...-'/ o o , . o -...--".\ vuln.: CMS Made Simple 1.1.2 Remote Code Execution Vulnerability author: [email protected] download: http://dev.cmsmadesimple.org/frs/download.php/1424/cmsmadesimple-1.1.2.zip dork: "powered by CMS Made Simpl...

CMS Made Simple 1.2 - Remote Code Execution

o bug /". . . . .-' -...-'/ o o , . o -...--".\ vuln.: CMS Made Simple 1.1.2 Remote Code Execution Vulnerability author: [email protected] download: http://dev.cmsmadesimple.org/frs/download.php/1424/cmsmadesimple-1.1.2.zip dork: "powered by CMS Made Simple version 1.1.2" greetz: cOndemned, kacper,...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...

Remote file inclusion

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5009

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5014

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...

Remote file inclusion

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2007-4951

PHP remote file inclusion vulnerability in sample.php in YaPiG 0.95b allows remote attackers to execute arbitrary PHP code via a URL in the YAPIGPATH parameter. NOTE: this issue has been disputed by CVE, since YAPIGPATH is defined before use...

CVE-2007-4954

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2007-4954

CVE-2007-4954 describes a PHP remote file inclusion in the Joomla! 1.0 extension joom12Pic (com_joom12pic), specifically via the mosConfig_live_site parameter in admin.joom12pic.php. The vulnerability allows an attacker to supply a crafted URL and potentially execute arbitrary PHP code on the ser...

CVE-2007-4942

PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to 1 programfiles/livedraft/livedraft.php or 2 programfiles/livedraft/admin.php...

Code injection

Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the 1 productscount, 2 colscount,...

Shop-Script FREE <= 2.0 Remote Command Execution Exploit

No description provided by source. ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Scrip...

shopscript-exec.txt

?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Script FREE = 2.0 Remote Command Executi...

Shop-Script FREE 2.0 - Remote Command Execution

Shop-Script FREE 2.0 - Remote Command Execution ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; ech...

Shop-Script FREE 2.0 - Remote Command Execution

?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Script FREE = 2.0 Remote Command Executi...