16 matches found
EUVD-2002-2024
Malware in sbrugna...
EUVD-2005-0430
Malware in sbrugna...
My Little Forum 2.3.5 - PHP Command Injection
My Little Forum 2.3.5 - PHP Command Injection / + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt + ISR: APPARITIONSEC Vendor: ================= mylittleforum.net Download:...
My Little Forum 2.3.5 - PHP Command Injection
/ + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt + ISR: APPARITIONSEC Vendor: ================= mylittleforum.net Download: github.com/ilosuna/mylittleforum/releases/tag/v2.3.5 Product:...
PHPMoAdmin 1.1.2 Remote Code Execution Exploit
This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4...
PHPMoAdmin 1.1.2 Remote Code Execution
This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHPMoAdmin 1.1.2 Remote Code...
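CSCMS V3.5 latest version: admin back-end command execution GETSHELL (detailed source analysis)
Brief description: CSCMS V3.5 latest version, admin back-end PHP command execution GETSHELL (detailed source analysis). The new CSCMS architecture has strengthened security and the earlier string of vulnerabilities has been fixed; reading the code, I found that there is still a new vulnerability. The code analysis is in the detailed description, and the test demonstration is in the proof of vulnerability. Detailed description: The vulnerability is located in the admin back end under Site Settings - Third-Party Login Settings. The relevant code is as follows: /app/controllers/admin/setting.php line:426 public function dengluedit //sets the configuration items for third-party login $this-CsdjAdmin-AdminQx'4'; //note: xssclean is already used here to filter specific characters; the later conclusion relies on this...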
Multiple Vulnerabilities in phpAlbum.net
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpAlbum.net which could be exploited to perform cross-site scripting and cross-site request forgery attacks and compromise vulnerable system. 1 Cross-site scripting XSS vulnerability in phpAlbum.net The...
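Zeroboard file disclosure and remote arbitrary command execution vulnerability
BUGTRAQ: 12258 Zeroboard does not properly filter user-submitted URL requests; a remote attacker can exploit this vulnerability to view the contents of system files or execute arbitrary commands with the privileges of the process. Zeroboard 4.1 pl2-p15 Vendor patch: Zeroboard --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep an eye on the vendor's home page to obtain the latest version: http://www.zeroboard.com/ A remote user can submit data containing multiple '../' sequences as a parameter to the vulnerable script and view the contents of arbitrary files with the privileges of the web process:...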
inout-exec.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php ".$argv0." localhost /inout/ cat /etc/password"; die; /...
SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the...
HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
ATutor 1.x - 'print.php?section' Remote File Inclusion
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
CVE-2005-2014
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...
PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution
PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution source: https://www.securityfocus.com/bid/10471/info PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments. Th...
CVE-2001-0043
Affected software: PhpGroupWare (before 0.9.7). The vulnerability allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of phpgw.inc.php, due to an include/file inclusion flaw. The described impact is remote command execution ...