Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability

Exploit for php platform in category web applications ========================================================================== Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability ========================================================================== Exploit Title: Cor...

Joomla! Plugin Core Design Scriptegrator - Local File Inclusion

Exploit Title: Core Design Scriptegrator plugin for Joomla! 1.5 file inclusion Author: S2 Crew Hungary Tested on: Debian Linux, Apache, Joomla! 1.5 Code: There's a file called jsloader.php which takes an array of file names from the HTTP GET parameters and calls include on every one of them...

CentOS 3 / 4 : php (CESA-2009:0337)

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

Ubuntu: Security Advisory (USN-455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KTorrent PHP Code Injection And Security Bypass Vulnerability

KTorrent is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Crlf injection

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVE-2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

drupal -- cross site scripting (register_globals)

The Drupal Project reports: When theme .tpl.php files are accessible via the web and the PHP setting registerglobals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set registerglobals to disabled and...

Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-455-1)

Stefan Esser discovered multiple vulnerabilities in the 'Month of PHP bugs'. The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...

Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)

USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Multiple buffer overflows have been discovered in various PHP modules. If a PHP application...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)

This update fixes the following security problems in the PHP scripting language : - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. - A missing...

USN-455-1: PHP vulnerabilities

Stefan Esser discovered multiple vulnerabilities in the "Month of PHP bugs". The substrcompare function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. CVE-2007-1375 The shared memory shmop...

php security update

CentOS Errata and Security Advisory CESA-2007:0154-01 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

CVE-2005-4814

Segue CMS

CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...

RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- RaidenHTTPD/1.1.49 remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dork:...

RaidenHTTPD 1.1.49 - SoftParserFileXml Remote Code Execution

RaidenHTTPD 1.1.49 - SoftParserFileXml Remote Code Execution !/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- RaidenHTTPD/1.1.49 remote commands execution exploit by rgod [email protected] site:...

RaidenHTTPD 1.1.49 - 'SoftParserFileXml' Remote Code Execution

!/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- RaidenHTTPD/1.1.49 remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dork: Powered.by.RaidenHTTPD +intitle:index.of |...

CVE-2006-0760

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...

Ubuntu 4.10 : php4 vulnerabilities (USN-99-2)

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath function CAN-2004-1064. However, this caused severe regressions, some applications like SquirrelMail a...