1408 matches found
gBook 1.4 Administrative Access Vulnerability
source: http://www.securityfocus.com/bid/6033/info A vulnerability has been discovered in gBook v1.4. It has been reported that it is possible for an unauthorized attacker to gain administrative access to gBook by passing a malicious request to a php script...
Cedric Email Reader 0.2/0.3 Skin Configuration Script Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under som...
MHP Downloadshop SQL Injection Vulnerability
----------------------------Information------------------------------------------------ +Name : MHP Downloadshop = SQL injection Vulnerability Proof of Concept +Autor : Easy Laster +Date : 17.12.2010 +Script : MHP Downloadshop +Demo...
TorrentFlux 2.3 - admin.php Administrator Account Creation CSRF
source: http://www.securityfocus.com/bid/28846/info TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability. Exploiting these issues may allow a remote attacker to create administrative accounts in the...
Zomplog <= 3.8.1 upload_files.php Arbitrary File Upload Exploit
?php Zomplog = 3.8.1 Arbitrary File Upload Exploit by InATeam http://inattack.ru/ tested on versions 3.8.1 with security patch, 3.8.1, 3.8, 3.7.5 echo ------------------------------------------------------------\n; echo Zomplog = 3.8.1 Arbitrary File Upload...
Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability
source: http://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been...
Easy-Clanpage <= 2.1 - SQL Injection Exploit
/----------------------------Information------------------------------------------------ +Name : Easy-Clanpage = v2.1 SQL Injection Exploit +Author : Easy Laster +Date : 30.03.2010 +Script Easy-Clanpage = v2.1 +Download : Update Version 2.01-2.1...
Laurent Adda Les Commentaires 2.0 PHP Script admin.php Remote File Inclusion
source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...
Invision Power Board <= 2.3.5 - Multiple Vulnerabilities Exploit (revised)
!/usr/bin/php -q ?php errorreportingEALL ^ ENOTICE; yeah ... it rox : class ipbspl var $web; function main $this-mhead; Gimme your args $this-pattack = $this-getp'attack', true; $this-pprox = $this-getp'proxhost'; $this-pproxa = $this-getp'proxauth';...
AWStats Totals <= 1.14 multisort - Remote Command Execution
$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...
CF Image Hosting Script 1.3.82 File Disclosure
!/usr/bin/perl CF Image Hosting Script 1.3.82 File Disclosure Exploit Bugfounder and Exploitcoder: bd0rk Contact: www.sohcrew.school-of-hack.net eMail: bd0rkathackermail.com Affected-Software: CF Image Hosting Script 1.3.82 Vendor: http://www.phpkode.com Downloa...
All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation
source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...
PHPOutsourcing Zorum 3.x Remote Include Command Execution Vulnerability
source: http://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence the location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands...
CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/13259/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...
Proxyroll.com Clone PHP Script Cookie Handling Vulnerability
Exploit Title: Proxyroll.com Clone PHP Script Cookie Handling And Tamper Data Date: 02.01.2010 Author: DigitALL Thanks: Zombie KroNicKq NoFear and All 1923Turk.biz Members Version: 1.0 Code : This Site Go To /advertise.php and Paypal Buton Click and Firefox Tamp...
PANews 2.0 - Remote PHP Script Code Execution Vulnerability
source: http://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php...
2daybiz online classified system SQLi AND XSS Vulnerability
Name : 2daybiz online classified system SQLi AND XSS Vulnerability Date : june, 16 2010 Vendor url :http://www.2daybiz.com/onlineclassifiedscript.html Critical Level : HIGH Author : Sid3^effects aKa HaRi shellc99atyahoo.com special thanks to : r0073r...
AutoIndex PHP Script (index.php) Directory Traversal Vulnerability
No description provided by source...
Mnews <= 1.1 (view.php) SQL Injection
??php / Exploit Title: Mnews = 1.1 SQL Injection Google Dork: inurl:mnews/view.php Google Dork: intitle:Mnews sistena de news Date: 03rd 06 2012 Software Link: http://phpbrasil.com/script/eo4aWVVzFd/mnews-sistema-de-noticias Version: 1.1 Tested on: Debian...
Benjamin Lefevre Dobermann Forum 0.x index.php subpath Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker...