CVE-2007-5984

The CVE-2007-5984 issue affects Justin Hagstrom AutoIndex PHP Script prior to 2.2.4. A crafted %00 sequence in the dir parameter to index.php triggers an erroneous recursive calculation, leading to a denial of service (high CPU and memory consumption). The vulnerability is remote and does not spe...

AutoIndex PHP Script 2.2.22.2.3 - index.php Denial of Service

AutoIndex PHP Script 2.2.22.2.3 - index.php Denial of Service source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows...

AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service

source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources,...

JBC Explorer <= 7.20 RC 1 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================= JBC Explorer agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php";...

JBC Explorer 7.20 RC 1 - Remote Code Execution

!/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the file auth.inc.php";...

Directory traversal

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a...

TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the 'f' parameter of the 'tiki-graphformula.php' script before using it as a function call. Regardless of PHP's 'registerglobals' setting, an...

lightblog-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

Promise NAS NS4300N GUI bug

List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...

promise-root.txt

List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...

CVE-2007-5113

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information web server logs via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-511...

Chupix CMS 0.2.3 - &#039;download.php&#039; Remote File Disclosure

Chupix CMS 0.2.3 download.php Remote File Download Vulnerability P.Script : http://sourceforge.net/project/showfiles.php?groupid=134930 download.php Lain:18-57 - ifisset$GET'fichier' ", "", $result;...

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

Abledesign Dynamic Picture Frame XSS

Vendor Site: http://abledesign.com/ Version affected: ??? Demo: http://abledesign.com/demo/pframe.php Class: Input Validation Error Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fail...

xampp-local.txt

. //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129 default.pls //27.08.2007 17:57 Desktop //23.08.2007 21:12 $qQ...

XAMPP for Windows 1.6.3a - Local Privilege Escalation

XAMPP for Windows 1.6.3a - Local Privilege Escalation . //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129...

AutoIndex PHP Script 2.2.1 - index.php Cross-Site Scripting

AutoIndex PHP Script 2.2.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute...

AutoIndex PHP Script 2.2.2 - PHP_SELF index.php Cross-Site Scripting

AutoIndex PHP Script 2.2.2 - PHPSELF index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to...

AutoIndex PHP Script 2.2.2 - &#039;PHP_SELF index.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...

XAMPP for Windows 1.6.3a - Local Privilege Escalation

. //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129 default.pls //27.08.2007 17:57 Desktop //23.08.2007 21:12 $qQ...