phpBB 2.0.18 - Remote Brute Force/Dictionary (2)

!/usr/bin/perl Title: PhpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting length | Email option | More fast | Die error disabled | Credits: Fully coded by DarkFig Greetz: Romano Pg...

XSS vulnerability in guestbook-php-script

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...

creLoaded 6.15 - HTMLAREA Automated Perl

creLoaded 6.15 - HTMLAREA Automated Perl !/usr/bin/perl creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script suits most...

creLoaded 6.15 - 'HTMLAREA' Automated Perl

!/usr/bin/perl creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script suits most occasions Additional variables to pass to...

creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit

No description provided by source. !/usr/bin/perl creLoaded = 6.15 HTMLAREA automated perl exploit hacked up by kaneda [email protected] Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. C...

creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit

Exploit for unknown platform in category web applications =================================================== creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined...

Ubuntu 4.10 : imlib2 vulnerabilities (USN-55-1)

Recently, Pavel Kankovsky discovered several buffer overflows in imlib which were fixed in USN-53-1. It was found that imlib2 was vulnerable to similar issues. If an attacker tricked a user into loading a malicious XPM or BMP image, he could exploit this to execute arbitrary code in the context o...

phpDocumentor <= 1.3.0 RC4 Local And Remote File Inclusion

phpDocumentor is a automatic documentation generator for PHP. The remote host appears to be running the web-interface of phpDocumentor. This version does not properly sanitize user input in the 'filedialog.php' file and a test file called 'bug-559668.php' It is possible for an attacker to include...

The Includer includer.cgi Arbitrary Command Execution

The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell commands by including shell metacharacters as part of the URL. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2005-4094

connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script...

qnews.txt

Language: PHP Script: Q-News Version: 2.0 Official website: http://sourceforge.net/projects/q-news/ Problem: Remote file inclusion Discovered by: GB Description: =========== Q-News is a Quick News generator written in PHP that generates small text files that can be included a site, it has a lot o...

Softbiz Resource Repository Script SQL vuln.

Softbiz Resource Repository Script SQL vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html Vendor:http://www.softbizscripts.com/resource-repository-script-features.php affected version: 1.1 and prior...

Guppy 4.5.9 - REMOTE_ADDR Remote Command Execution

Guppy 4.5.9 - REMOTEADDR Remote Command Execution Guppy body background-color:111111; SCROLLBAR-ARROW-COLOR: ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: 1CB081; img backgro...

Softbiz Web Host Directory Script Multiple vuln.

Softbiz Web Host Directory Script Multiple vuln. Vuln. dicovered by : r0t Date: 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/web-host-directory-script-multiple.html Vendor:www.softbizscripts.com Product link:http://www.softbizscripts.com/web-hosting-directory-script.php...

BasiliX Arbitrary File Disclosure Vulnerability

The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they...

Basit cms Cross Site Scripting Bugs

The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection issue. Description : Basit cms 1.0 has a cross site scripting bug. An attacker may use it to perform a cross site scripting attack on this host. In addition to this, it is vulnerable to a S...

BasiliX Arbitrary Command Execution Vulnerability

The remote web server contains a PHP script that is prone to arbitrary command execution. Description : The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacke...

TeeKai Tracking Online XSS

The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of user's on a Web site. This version is vulnerable to cross-site scripting attacks. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. OpenVAS...

PunBB profile.php XSS

The remote web server contains a PHP script that is prone to multiple cross-site scripting attacks. Description : According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially-crafted URL, an attacker...

Artmedic Kleinanzeigen File Inclusion Vulnerability

Artmedic Kleinanzeigen, an email verifying PHP script, has been found to contain an external file inclusion vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...