AutoIndex PHP Script 2.2.2 PHP_SELF Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in...

Free Image Hosting <= 1.0 (forgot_pass.php) File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' | \\ | \\ | \ . . |\ \ \ /\ \ / /| || | | | | \ | \ Y / | || | | \ | \ \ / | || | |/ // / / ||| \ | / / \ / \ |\ /\ / / \ / \ | | | | / /\ \ / \ / \ | | | | / | / Y \ || / /| /| /...

pMachine 1.0/2.x Multiple Script sfx Parameter Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to remote a patch disclosure vulnerability when accessing various scripts. When a request is made for a target PHP script, possibly requiring a blank URI parameter,...

Easy Banner Pro (index.php page) Local File Inclusion

No description provided by source. ----------------------------------------------------------- Easy Banner Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/ Demo -...

Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may...

Killer Protection 1.0 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5905/info The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request. Exploiti...

Laurent Adda Les Commentaires 2.0 PHP Script derniers_commentaires.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...

LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote...

cPanel < 11.25 CSRF - Add User php Script

No description provided by source. Exploit Title: cPanel 11.25 CSRF - Add php script Date: 27.05.2011 Author: ninjashell Software Link: http://cpanel.net Version: 11.25 see details below Tested on: Linux CVE : N/A I. Introduction cPanel versions below and excluding 11.25 , are vulnerable to CSRF...

JV2 Folder Gallery 3.0 0 - (download.php) Remote File Disclosure Exploit

No description provided by source. / Script Name :JV2 Folder Gallery Script site :www.jv2.net Discovered by :SaO Exploit Coded by :PeTrO Credits To soulreaver,Kuz3y Compile: Visual C++ or DevC++ / include stdio.h include string.h include winsock.h pragma commentlib,ws232.lib int mainint argc, cha...

EgO 0.7b - (fckeditor) Remote File Upload

No description provided by source. Title: EgO v0.7b fckeditor Remote File Upload Download: http://sourceforge.net/projects/vairux-ego/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...

Laurent Adda Les Commentaires 2.0 PHP Script fonctions.lib.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be...

PHP Script Directory Software (sbcat_id) SQL Injection Vulnerability

No description provided by source. == Author: BorN To K!LL - h4ck3r Contact: [email protected] == Script: PHP script directory software Version: n/a Link: http://www.softbizsolutions.com/script-directory-software.php == 3xploit: path/showcats.php?sbcatid=SQL-Injection 3xample:...

PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19933/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. This...

Text Exchange Pro (index.php page) Local File Inclusion

No description provided by source. ----------------------------------------------------------- Text Exchange Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/ Demo -...

Download Center 2.2 - SQL injection Vulnerability

No description provided by source. Name : MHP DownloadScript v2.2 = SQL injection Vulnerability +Autor : DeadLy DeMon +Date : 18.12.2010 +Script : MHP DownloadScript v2.2 +Download : ---- +Site : http://www.mhproducts.de/php-scripte-5/tools-dienste/download-center.html +Dork : Not Dork +Price :...

Benjamin Lefevre Dobermann Forum 0.x newtopic.php subpath Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker...

Multiple WordPress Plugins (TimThumb 2.8.13 WordThumb 1.07) - WebShot Remote Code Execution

Multiple WordPress Plugins TimThumb 2.8.13 WordThumb 1.07 - WebShot Remote Code Execution | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress...

Caldera 'cdir' Parameter Absolute Path Directory Traversal

The Caldera installation on the remote host contains a PHP script that is affected by a directory traversal vulnerability. A remote, unauthenticated attacker can exploit this issue by sending a crafted request to the '/dirmng/index.php' script, allowing access to arbitrary directories on the remo...

Western Digital Arkeia lang Cookie Local File Inclusion

The remote Western Digital Arkeia device hosts a PHP script that is affected by a local file inclusion vulnerability. A remote, unauthenticated attacker can exploit this issue to read or execute arbitrary files by crafting a request with directory traversal sequences in the 'lang' cookie. Note th...