efriends-admin.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result...

AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc2 echo "Usage: php...

Alstrasoft Template Seller Pro 3.25 - Admin Password Change

Alstrasoft Template Seller Pro 3.25 - Admin Password Change !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Host Path ID password Host: target server ip/hostname Path: path of template ID: A Valid Admin ID usally ...

AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit

Exploit for unknown platform in category web applications ==================================================================== AlstraSoft Template Seller Pro = 3.25 Admin Password Change Exploit ==================================================================== !/usr/bin/php -q -d shortopentag=...

Alstrasoft Template Seller Pro 3.25 - Admin Password Change

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Host Path ID password Host: target server ip/hostname Path: path of template ID: A Valid Admin ID usally 1 works for the 'admin' nickname password: The PWD you want ...

Alstrasoft Live Support 1.21 - Admin Credential Retrieve

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc2 echo "Usage: php ".$argv0." Host Path Host: target server ip/hostname Path: path of LiveSupport Example: php ".$argv0." localhost /LiveSupport/ "; die; errorreporting0;...

CVE-2007-2762

Multiple PHP remote file inclusion vulnerabilities in Build it Fast bif3 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in 1 the peardir parameter to Base/Application.php, or the 2 sysdir parameter to a Footer.php, b widget.BifContainer.php, c widget.BifRoot.php, d...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the formatmenue parameter to 1 admin/inc/changeaction.php or 2 admin/inc/add.php...

CVE-2007-2742

Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg...

Unrestricted file upload

Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg...

CVE-2007-2742

Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg...

CVE-2007-2736

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the configatkroot parameter...

CVE-2007-2679

Summary: CVE-2007-2679 is a PHP file inclusion vulnerability in Ivan Peevski gallery 0.3 (Simple PHP Scripts, sPHP). Affected component: index.php; vulnerability arises from using a user-supplied gallery parameter as input to file_exists, enabling inclusion of arbitrary PHP code through UNC or lo...

CVE-2007-2663

PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter...

Code injection

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the 1 gadmpass, 2 gadmuser, 3 gcfgHote, 4 gcfgPass, 5 gcfgUser, 6 gclassementrep, 7 gcontour, 8 gfond, 9...

CVE-2007-2647

Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the 1 gadmpass, 2 gadmuser, 3 gcfgHote, 4 gcfgPass, 5 gcfgUser, 6 gclassementrep, 7 gcontour, 8 gfond, 9...

CVE-2007-2647

CVE-2007-2647 affects Monalbum 0.8.7. A static code injection vulnerability in admin/admin_configuration.php allows remote authenticated users to inject arbitrary PHP code into conf/config.inc.php by manipulating one of 28 parameters (e.g., gadm_pass, gadm_user, gcfgBase, etc.). The NVD entry doc...

CVE-2007-2628

CVE-2007-2628 affects Justin Koivisto’s SecurityAdmin for PHP (PHPSecurityAdmin) v4.0.2. The vulnerability is a PHP remote file inclusion in include/logout.php that allows an attacker to execute arbitrary PHP code by supplying a URL via the PSA_PATH parameter. Documented impact is arbitrary code ...

Remote file inclusion

PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter...

CVE-2007-2609

Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the a ETCDIR parameter to 1 libs/lom.php; 2 lomupdate.php, 3 check-lom.php, and 4 weighkeywords.php in scripts/; the b LIBSDIR parameter to 5 logout.php, 6 help.php...